# Flog Txt Version 1 # Analyzer Version: 2024.5.0 # Analyzer Build Date: Nov 22 2024 11:36:06 # Log Creation Date: 11.01.2025 10:11:49.221 Process: id = "1" image_name = "client.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe" page_root = "0x32e19000" os_pid = "0x12c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x4a4" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f7d5" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 119 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 120 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 121 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 122 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 123 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 124 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 125 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 126 start_va = 0xbc0000 end_va = 0xbdffff monitored = 1 entry_point = 0xbdae0e region_type = mapped_file name = "client.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe") Region: id = 127 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 128 start_va = 0x7ff5ff150000 end_va = 0x7ff5ff172fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ff150000" filename = "" Region: id = 129 start_va = 0x7ffbe9010000 end_va = 0x7ffbe91d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 268 start_va = 0x400000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 269 start_va = 0x7ffbdcc50000 end_va = 0x7ffbdccb7fff monitored = 1 entry_point = 0x7ffbdcc54970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 270 start_va = 0x7ffbe6b80000 end_va = 0x7ffbe6c2cfff monitored = 0 entry_point = 0x7ffbe6b981a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 271 start_va = 0x7ffbe5f30000 end_va = 0x7ffbe6117fff monitored = 0 entry_point = 0x7ffbe5f5ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 272 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 273 start_va = 0x7ff5ff050000 end_va = 0x7ff5ff14ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ff050000" filename = "" Region: id = 274 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 275 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 276 start_va = 0x5e0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 277 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 278 start_va = 0x7ffbe3f10000 end_va = 0x7ffbe3f88fff monitored = 0 entry_point = 0x7ffbe3f2fb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 279 start_va = 0x7ff5fefd0000 end_va = 0x7ff5ff04dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 280 start_va = 0x7ffbe86f0000 end_va = 0x7ffbe8796fff monitored = 0 entry_point = 0x7ffbe87058d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 281 start_va = 0x7ffbe8c90000 end_va = 0x7ffbe8d2cfff monitored = 0 entry_point = 0x7ffbe8c978a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 282 start_va = 0x6b0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 283 start_va = 0x7ffbe8690000 end_va = 0x7ffbe86eafff monitored = 0 entry_point = 0x7ffbe86a38b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 284 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 285 start_va = 0x7ffbe88e0000 end_va = 0x7ffbe89fbfff monitored = 0 entry_point = 0x7ffbe89202b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 286 start_va = 0x7b0000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 287 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 288 start_va = 0x7ffbd2310000 end_va = 0x7ffbd23acfff monitored = 1 entry_point = 0x7ffbd2311010 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 289 start_va = 0x7ffbe8b70000 end_va = 0x7ffbe8bc1fff monitored = 0 entry_point = 0x7ffbe8b7f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 290 start_va = 0x7ffbe8d90000 end_va = 0x7ffbe900cfff monitored = 0 entry_point = 0x7ffbe8e64970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 291 start_va = 0x7ffbe62f0000 end_va = 0x7ffbe6359fff monitored = 0 entry_point = 0x7ffbe6326d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 292 start_va = 0x7ffbe83f0000 end_va = 0x7ffbe8575fff monitored = 0 entry_point = 0x7ffbe843ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 293 start_va = 0x7ffbe8a10000 end_va = 0x7ffbe8b65fff monitored = 0 entry_point = 0x7ffbe8a1a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 294 start_va = 0x1a0000 end_va = 0x1d8fff monitored = 0 entry_point = 0x1a12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 295 start_va = 0x7b0000 end_va = 0x937fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 296 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 297 start_va = 0x7ffbe8200000 end_va = 0x7ffbe823afff monitored = 0 entry_point = 0x7ffbe82012f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 298 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 299 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 300 start_va = 0x990000 end_va = 0xb10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000990000" filename = "" Region: id = 301 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 302 start_va = 0x1c0000 end_va = 0x1dafff monitored = 1 entry_point = 0x1dae0e region_type = mapped_file name = "client.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe") Region: id = 303 start_va = 0x7ffbe5680000 end_va = 0x7ffbe568efff monitored = 0 entry_point = 0x7ffbe5683210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 304 start_va = 0x7ffbe3da0000 end_va = 0x7ffbe3da9fff monitored = 0 entry_point = 0x7ffbe3da1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 305 start_va = 0x7ffbcd090000 end_va = 0x7ffbcda75fff monitored = 1 entry_point = 0x7ffbcd095b60 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 306 start_va = 0x7ffbd2210000 end_va = 0x7ffbd2306fff monitored = 0 entry_point = 0x7ffbd2234d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 307 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 308 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 309 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 310 start_va = 0x7ffb6d970000 end_va = 0x7ffb6d97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6d970000" filename = "" Region: id = 311 start_va = 0x7ffb6d980000 end_va = 0x7ffb6d98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6d980000" filename = "" Region: id = 312 start_va = 0x7ffb6d990000 end_va = 0x7ffb6da1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6d990000" filename = "" Region: id = 313 start_va = 0x7ffb6da20000 end_va = 0x7ffb6da8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6da20000" filename = "" Region: id = 314 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 315 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 316 start_va = 0x5e0000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 317 start_va = 0x6a0000 end_va = 0x6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006a0000" filename = "" Region: id = 318 start_va = 0x1fe0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 319 start_va = 0x20b0000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020b0000" filename = "" Region: id = 320 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 321 start_va = 0x21b0000 end_va = 0x1a1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 322 start_va = 0x1a1b0000 end_va = 0x1a51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a1b0000" filename = "" Region: id = 323 start_va = 0x1a520000 end_va = 0x1a629fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a520000" filename = "" Region: id = 324 start_va = 0x1a630000 end_va = 0x1a72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a630000" filename = "" Region: id = 325 start_va = 0x1a730000 end_va = 0x1aa66fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 326 start_va = 0x7ffbcbba0000 end_va = 0x7ffbcd087fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\f89061884b75dab0e3967d7221e5290d\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\f89061884b75dab0e3967d7221e5290d\\mscorlib.ni.dll") Region: id = 327 start_va = 0x7ff5fefb0000 end_va = 0x7ff5ff04ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fefb0000" filename = "" Region: id = 328 start_va = 0x7ff5fefa0000 end_va = 0x7ff5fefaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fefa0000" filename = "" Region: id = 329 start_va = 0x7ffbe6470000 end_va = 0x7ffbe65b2fff monitored = 0 entry_point = 0x7ffbe6498210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 330 start_va = 0x1fe0000 end_va = 0x209ffff monitored = 0 entry_point = 0x2000da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 331 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 332 start_va = 0x1aa70000 end_va = 0x1ab4cfff monitored = 0 entry_point = 0x1aace0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 333 start_va = 0x7ffb6da90000 end_va = 0x7ffb6da9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6da90000" filename = "" Region: id = 334 start_va = 0x7ffb6daa0000 end_va = 0x7ffb6dadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6daa0000" filename = "" Region: id = 335 start_va = 0x7ffbd1f20000 end_va = 0x7ffbd202dfff monitored = 1 entry_point = 0x7ffbd1f21080 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 336 start_va = 0x7ffbe8810000 end_va = 0x7ffbe88d0fff monitored = 0 entry_point = 0x7ffbe8830da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 337 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 338 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 339 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 340 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 341 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 342 start_va = 0x7ffbcaf50000 end_va = 0x7ffbcbb93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\60b77585c8aa9cfd1b30a64092c81041\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\60b77585c8aa9cfd1b30a64092c81041\\system.ni.dll") Region: id = 343 start_va = 0x7ffbd1d30000 end_va = 0x7ffbd1f1afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Drawing\\43de4a177616225e9b6262468e1c3b53\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.drawing\\43de4a177616225e9b6262468e1c3b53\\system.drawing.ni.dll") Region: id = 344 start_va = 0x7ffbca050000 end_va = 0x7ffbcaf40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Windows.Forms\\37004ddc6f466d807c52ca3b7f9f9827\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.windows.forms\\37004ddc6f466d807c52ca3b7f9f9827\\system.windows.forms.ni.dll") Region: id = 345 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 346 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 347 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 348 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 349 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 350 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 351 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 352 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 353 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 354 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 355 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 356 start_va = 0x7ffbe4fb0000 end_va = 0x7ffbe4fc6fff monitored = 0 entry_point = 0x7ffbe4fb79d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 357 start_va = 0x7ffbe4c40000 end_va = 0x7ffbe4c73fff monitored = 0 entry_point = 0x7ffbe4c5ae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 358 start_va = 0x7ffbe54c0000 end_va = 0x7ffbe54e8fff monitored = 0 entry_point = 0x7ffbe54d4530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 359 start_va = 0x7ffbe50d0000 end_va = 0x7ffbe50dafff monitored = 0 entry_point = 0x7ffbe50d19a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 360 start_va = 0x1aa70000 end_va = 0x1ab6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aa70000" filename = "" Region: id = 361 start_va = 0x7ffbc96c0000 end_va = 0x7ffbca041fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Core\\d1da4b8a843ec63bb8be25f8202bedc1\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.core\\d1da4b8a843ec63bb8be25f8202bedc1\\system.core.ni.dll") Region: id = 362 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 363 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 364 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 365 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 366 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 367 start_va = 0x1fe0000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 368 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 369 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 370 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 371 start_va = 0x7ffbe52b0000 end_va = 0x7ffbe52dcfff monitored = 0 entry_point = 0x7ffbe52c9d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 372 start_va = 0x7ffbe6120000 end_va = 0x7ffbe62e6fff monitored = 0 entry_point = 0x7ffbe617db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 373 start_va = 0x7ffbe5690000 end_va = 0x7ffbe569ffff monitored = 0 entry_point = 0x7ffbe56956e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 374 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 375 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 376 start_va = 0x5e0000 end_va = 0x5e9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 377 start_va = 0x7ffbe56a0000 end_va = 0x7ffbe56b3fff monitored = 0 entry_point = 0x7ffbe56a52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 378 start_va = 0x7ffbe6c30000 end_va = 0x7ffbe818efff monitored = 0 entry_point = 0x7ffbe6d911f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 379 start_va = 0x7ffbe6360000 end_va = 0x7ffbe63a2fff monitored = 0 entry_point = 0x7ffbe6374b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 380 start_va = 0x7ffbe58c0000 end_va = 0x7ffbe5f03fff monitored = 0 entry_point = 0x7ffbe5a864b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 381 start_va = 0x7ffbe5750000 end_va = 0x7ffbe5804fff monitored = 0 entry_point = 0x7ffbe57922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 382 start_va = 0x7ffbe5630000 end_va = 0x7ffbe567afff monitored = 0 entry_point = 0x7ffbe56335f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 383 start_va = 0x5f0000 end_va = 0x5f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 384 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 385 start_va = 0x1ab70000 end_va = 0x1ac6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ab70000" filename = "" Region: id = 386 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 387 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 388 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 389 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 390 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 391 start_va = 0x600000 end_va = 0x60dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 392 start_va = 0x1ac70000 end_va = 0x1b161fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001ac70000" filename = "" Region: id = 393 start_va = 0x1b170000 end_va = 0x1c1affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 394 start_va = 0x7ffbe3fb0000 end_va = 0x7ffbe4045fff monitored = 0 entry_point = 0x7ffbe3fd5570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 395 start_va = 0x1c1b0000 end_va = 0x1c2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c1b0000" filename = "" Region: id = 396 start_va = 0x7ffbe69f0000 end_va = 0x7ffbe6b49fff monitored = 0 entry_point = 0x7ffbe6a338e0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 397 start_va = 0x600000 end_va = 0x600fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 398 start_va = 0x1c1b0000 end_va = 0x1c26bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001c1b0000" filename = "" Region: id = 399 start_va = 0x1c2e0000 end_va = 0x1c2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2e0000" filename = "" Region: id = 400 start_va = 0x600000 end_va = 0x603fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 401 start_va = 0x7ffbe3600000 end_va = 0x7ffbe3621fff monitored = 0 entry_point = 0x7ffbe3601a40 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 402 start_va = 0x620000 end_va = 0x624fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 403 start_va = 0x630000 end_va = 0x636fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 404 start_va = 0x640000 end_va = 0x640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 405 start_va = 0x650000 end_va = 0x650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 406 start_va = 0x1c2f0000 end_va = 0x1c3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c2f0000" filename = "" Region: id = 407 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 408 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 409 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 410 start_va = 0x650000 end_va = 0x660fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 411 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 412 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 413 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 414 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 415 start_va = 0x690000 end_va = 0x69dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 416 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 417 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 418 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 419 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 420 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 421 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 422 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 423 start_va = 0x7ffbdecc0000 end_va = 0x7ffbdeccffff monitored = 0 entry_point = 0x7ffbdecc51b0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\System32\\amsi.dll" (normalized: "c:\\windows\\system32\\amsi.dll") Region: id = 424 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 425 start_va = 0x670000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 426 start_va = 0x680000 end_va = 0x68dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 427 start_va = 0x690000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 428 start_va = 0x680000 end_va = 0x68ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 429 start_va = 0x940000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 430 start_va = 0x950000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000950000" filename = "" Region: id = 431 start_va = 0x960000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000960000" filename = "" Region: id = 432 start_va = 0x970000 end_va = 0x97ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 433 start_va = 0xb20000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b20000" filename = "" Region: id = 434 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 435 start_va = 0xb40000 end_va = 0xb5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 436 start_va = 0xb60000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b60000" filename = "" Region: id = 437 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 438 start_va = 0x7ffbd1c00000 end_va = 0x7ffbd1d21fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Configuration\\2fe311002b76e58f2f89f897a32b62a2\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.configuration\\2fe311002b76e58f2f89f897a32b62a2\\system.configuration.ni.dll") Region: id = 439 start_va = 0x7ffbc8e10000 end_va = 0x7ffbc96b5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System.Xml\\c2f35cb9621b8ca33a05759bbb0683c1\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system.xml\\c2f35cb9621b8ca33a05759bbb0683c1\\system.xml.ni.dll") Region: id = 440 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 441 start_va = 0x7ffbe8190000 end_va = 0x7ffbe81fafff monitored = 0 entry_point = 0x7ffbe81a90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 442 start_va = 0x7ffbe4f00000 end_va = 0x7ffbe4f5bfff monitored = 0 entry_point = 0x7ffbe4f16f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 443 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 444 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 445 start_va = 0x7ffbd1b40000 end_va = 0x7ffbd1bf9fff monitored = 0 entry_point = 0x7ffbd1b45d90 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 446 start_va = 0x7ffbd1b10000 end_va = 0x7ffbd1b37fff monitored = 0 entry_point = 0x7ffbd1b1c7c0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 447 start_va = 0x7ffbde760000 end_va = 0x7ffbde773fff monitored = 0 entry_point = 0x7ffbde762d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 448 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 449 start_va = 0x1c3f0000 end_va = 0x1c4cffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 450 start_va = 0x1c4d0000 end_va = 0x1c5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c4d0000" filename = "" Region: id = 451 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 452 start_va = 0x1c5d0000 end_va = 0x1c6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c5d0000" filename = "" Region: id = 453 start_va = 0x7ffbe1670000 end_va = 0x7ffbe1737fff monitored = 0 entry_point = 0x7ffbe16b13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 454 start_va = 0x7ffbdcfa0000 end_va = 0x7ffbdcfb4fff monitored = 0 entry_point = 0x7ffbdcfa2dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 455 start_va = 0x7ffbde290000 end_va = 0x7ffbde2c7fff monitored = 0 entry_point = 0x7ffbde2a8cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 456 start_va = 0x7ffbe6b70000 end_va = 0x7ffbe6b77fff monitored = 0 entry_point = 0x7ffbe6b71ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 457 start_va = 0x7ffbde0c0000 end_va = 0x7ffbde0d5fff monitored = 0 entry_point = 0x7ffbde0c19f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 458 start_va = 0x7ffbde0a0000 end_va = 0x7ffbde0b9fff monitored = 0 entry_point = 0x7ffbde0a2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 459 start_va = 0x1c6d0000 end_va = 0x1c7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c6d0000" filename = "" Region: id = 460 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 461 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 462 start_va = 0x680000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 463 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 464 start_va = 0x680000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 465 start_va = 0x680000 end_va = 0x680fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 466 start_va = 0x680000 end_va = 0x688fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 467 start_va = 0x7ffbe4170000 end_va = 0x7ffbe4219fff monitored = 0 entry_point = 0x7ffbe4197910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 468 start_va = 0x7ffbde030000 end_va = 0x7ffbde03afff monitored = 0 entry_point = 0x7ffbde031d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 469 start_va = 0x1c7d0000 end_va = 0x1c8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c7d0000" filename = "" Region: id = 470 start_va = 0x7ffbdcad0000 end_va = 0x7ffbdcad9fff monitored = 0 entry_point = 0x7ffbdcad14c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 471 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 472 start_va = 0x7ffbddf70000 end_va = 0x7ffbddfd6fff monitored = 0 entry_point = 0x7ffbddf763e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 473 start_va = 0x7ffb6dae0000 end_va = 0x7ffb6daeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6dae0000" filename = "" Region: id = 474 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 475 start_va = 0x7ffbe8a00000 end_va = 0x7ffbe8a07fff monitored = 0 entry_point = 0x7ffbe8a010b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 476 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 477 start_va = 0x7ffbdb0e0000 end_va = 0x7ffbdb0ebfff monitored = 0 entry_point = 0x7ffbdb0e35c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 478 start_va = 0x7ffbe4b80000 end_va = 0x7ffbe4bf9fff monitored = 0 entry_point = 0x7ffbe4ba1a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 479 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 480 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 481 start_va = 0x7ffbd83d0000 end_va = 0x7ffbd83e3fff monitored = 0 entry_point = 0x7ffbd83d3710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 482 start_va = 0x7ffbe51a0000 end_va = 0x7ffbe51c6fff monitored = 0 entry_point = 0x7ffbe51b0aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 483 start_va = 0x7ffbe5160000 end_va = 0x7ffbe5199fff monitored = 0 entry_point = 0x7ffbe5168d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 484 start_va = 0x7ffbd8480000 end_va = 0x7ffbd849dfff monitored = 0 entry_point = 0x7ffbd848ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 485 start_va = 0x1c8d0000 end_va = 0x1c9cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c8d0000" filename = "" Region: id = 486 start_va = 0x7ffb6daf0000 end_va = 0x7ffb6dafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffb6daf0000" filename = "" Region: id = 487 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 488 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Region: id = 489 start_va = 0x1c9d0000 end_va = 0x1cacffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001c9d0000" filename = "" Region: id = 490 start_va = 0x1cad0000 end_va = 0x1cbcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001cad0000" filename = "" Region: id = 491 start_va = 0x670000 end_va = 0x67dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000670000" filename = "" Thread: id = 1 os_tid = 0x12c4 [0118.566] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0118.585] RoInitialize () returned 0x1 [0118.586] RoUninitialize () returned 0x0 [0124.684] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5822e0) returned 1 [0124.690] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x1 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.691] CoTaskMemAlloc (cb=0x20) returned 0x586320 [0124.691] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586320, pdwDataLen=0x14ead0, dwFlags=0x1 | out: pbData=0x586320, pdwDataLen=0x14ead0) returned 1 [0124.693] CoTaskMemFree (pv=0x586320) [0124.693] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x5865f0 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5865f0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5865f0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemFree (pv=0x5865f0) [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x5865f0 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5865f0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5865f0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemFree (pv=0x5865f0) [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x586920 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586920, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586920, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemFree (pv=0x586920) [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x5864a0 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5864a0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5864a0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemFree (pv=0x5864a0) [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x586320 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586320, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586320, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemFree (pv=0x586320) [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.694] CoTaskMemAlloc (cb=0x20) returned 0x586440 [0124.694] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586440, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586440, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemFree (pv=0x586440) [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemAlloc (cb=0x20) returned 0x586320 [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586320, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586320, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemFree (pv=0x586320) [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemAlloc (cb=0x20) returned 0x586710 [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586710, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586710, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemFree (pv=0x586710) [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemAlloc (cb=0x20) returned 0x586800 [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586800, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586800, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemFree (pv=0x586800) [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemAlloc (cb=0x20) returned 0x5865f0 [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5865f0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5865f0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemFree (pv=0x5865f0) [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.695] CoTaskMemAlloc (cb=0x20) returned 0x586800 [0124.695] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586800, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586800, pdwDataLen=0x14ead0) returned 1 [0124.696] CoTaskMemFree (pv=0x586800) [0124.696] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.696] CoTaskMemAlloc (cb=0x20) returned 0x586740 [0124.696] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586740, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586740, pdwDataLen=0x14ead0) returned 1 [0124.696] CoTaskMemFree (pv=0x586740) [0124.696] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.696] CoTaskMemAlloc (cb=0x20) returned 0x586710 [0124.696] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586710, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586710, pdwDataLen=0x14ead0) returned 1 [0124.696] CoTaskMemFree (pv=0x586710) [0124.696] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemAlloc (cb=0x20) returned 0x5868f0 [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5868f0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5868f0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemFree (pv=0x5868f0) [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemAlloc (cb=0x20) returned 0x5864d0 [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5864d0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5864d0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemFree (pv=0x5864d0) [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemAlloc (cb=0x20) returned 0x5869e0 [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x5869e0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x5869e0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemFree (pv=0x5869e0) [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemAlloc (cb=0x20) returned 0x586a70 [0124.697] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586a70, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586a70, pdwDataLen=0x14ead0) returned 1 [0124.697] CoTaskMemFree (pv=0x586a70) [0124.698] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.698] CoTaskMemAlloc (cb=0x20) returned 0x586560 [0124.698] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586560, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586560, pdwDataLen=0x14ead0) returned 1 [0124.698] CoTaskMemFree (pv=0x586560) [0124.698] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 1 [0124.698] CoTaskMemAlloc (cb=0x20) returned 0x586710 [0124.698] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x586710, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x586710, pdwDataLen=0x14ead0) returned 1 [0124.698] CoTaskMemFree (pv=0x586710) [0124.698] CryptGetProvParam (in: hProv=0x5822e0, dwParam=0x1, pbData=0x0, pdwDataLen=0x14ead0, dwFlags=0x0 | out: pbData=0x0, pdwDataLen=0x14ead0) returned 0 [0124.702] CryptImportKey (in: hProv=0x5822e0, pbData=0x21e5de0*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x572180) returned 1 [0124.703] CryptContextAddRef (hProv=0x5822e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.719] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x14ead0 | out: pfEnabled=0x14ead0) returned 0x0 [0124.732] CryptContextAddRef (hProv=0x5822e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.732] CryptDuplicateKey (in: hKey=0x572180, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x571bd0) returned 1 [0124.732] CryptContextAddRef (hProv=0x5822e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.733] CryptSetKeyParam (hKey=0x571bd0, dwParam=0x4, pbData=0x21e6ad8*=0x1, dwFlags=0x0) returned 1 [0124.733] CryptSetKeyParam (hKey=0x571bd0, dwParam=0x1, pbData=0x21e6a88, dwFlags=0x0) returned 1 [0124.736] CryptDecrypt (in: hKey=0x571bd0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21e6c08, pdwDataLen=0x14eb00 | out: pbData=0x21e6c08, pdwDataLen=0x14eb00) returned 1 [0124.776] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x14baf8 | out: phkResult=0x14baf8*=0x0) returned 0x2 [0124.779] CryptDecrypt (in: hKey=0x571bd0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21e6d48, pdwDataLen=0x14eaf0 | out: pbData=0x21e6d48, pdwDataLen=0x14eaf0) returned 0 [0124.780] CryptDestroyKey (hKey=0x572180) returned 1 [0124.780] CryptReleaseContext (hProv=0x5822e0, dwFlags=0x0) returned 1 [0124.780] CryptReleaseContext (hProv=0x5822e0, dwFlags=0x0) returned 1 [0124.781] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5834e0) returned 1 [0124.782] CryptImportKey (in: hProv=0x5834e0, pbData=0x21e8f38*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571c40) returned 1 [0124.782] CryptContextAddRef (hProv=0x5834e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.782] CryptContextAddRef (hProv=0x5834e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.782] CryptDuplicateKey (in: hKey=0x571c40, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x571d20) returned 1 [0124.782] CryptContextAddRef (hProv=0x5834e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.782] CryptSetKeyParam (hKey=0x571d20, dwParam=0x4, pbData=0x21e9860*=0x1, dwFlags=0x0) returned 1 [0124.783] CryptSetKeyParam (hKey=0x571d20, dwParam=0x1, pbData=0x21e9810, dwFlags=0x0) returned 1 [0124.783] CryptDecrypt (in: hKey=0x571d20, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21e9990, pdwDataLen=0x14eb00 | out: pbData=0x21e9990, pdwDataLen=0x14eb00) returned 1 [0124.783] CryptDecrypt (in: hKey=0x571d20, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21e99d8, pdwDataLen=0x14eaf0 | out: pbData=0x21e99d8, pdwDataLen=0x14eaf0) returned 0 [0124.783] CryptDestroyKey (hKey=0x571c40) returned 1 [0124.783] CryptReleaseContext (hProv=0x5834e0, dwFlags=0x0) returned 1 [0124.783] CryptReleaseContext (hProv=0x5834e0, dwFlags=0x0) returned 1 [0124.783] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5833e0) returned 1 [0124.784] CryptImportKey (in: hProv=0x5833e0, pbData=0x21e9bf0*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571c40) returned 1 [0124.784] CryptContextAddRef (hProv=0x5833e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.784] CryptContextAddRef (hProv=0x5833e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.784] CryptDuplicateKey (in: hKey=0x571c40, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x571f50) returned 1 [0124.784] CryptContextAddRef (hProv=0x5833e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.784] CryptSetKeyParam (hKey=0x571f50, dwParam=0x4, pbData=0x21ea528*=0x1, dwFlags=0x0) returned 1 [0124.784] CryptSetKeyParam (hKey=0x571f50, dwParam=0x1, pbData=0x21ea4d8, dwFlags=0x0) returned 1 [0124.785] CryptDecrypt (in: hKey=0x571f50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ea650, pdwDataLen=0x14eb00 | out: pbData=0x21ea650, pdwDataLen=0x14eb00) returned 1 [0124.785] CryptDecrypt (in: hKey=0x571f50, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ea6b0, pdwDataLen=0x14eb00 | out: pbData=0x21ea6b0, pdwDataLen=0x14eb00) returned 1 [0124.785] CryptDecrypt (in: hKey=0x571f50, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21ea700, pdwDataLen=0x14eaf0 | out: pbData=0x21ea700, pdwDataLen=0x14eaf0) returned 0 [0124.785] CryptDestroyKey (hKey=0x571c40) returned 1 [0124.785] CryptReleaseContext (hProv=0x5833e0, dwFlags=0x0) returned 1 [0124.785] CryptReleaseContext (hProv=0x5833e0, dwFlags=0x0) returned 1 [0124.785] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x582be0) returned 1 [0124.786] CryptImportKey (in: hProv=0x582be0, pbData=0x21ea950*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x5722d0) returned 1 [0124.786] CryptContextAddRef (hProv=0x582be0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.786] CryptContextAddRef (hProv=0x582be0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.786] CryptDuplicateKey (in: hKey=0x5722d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572500) returned 1 [0124.787] CryptContextAddRef (hProv=0x582be0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.787] CryptSetKeyParam (hKey=0x572500, dwParam=0x4, pbData=0x21eb278*=0x1, dwFlags=0x0) returned 1 [0124.787] CryptSetKeyParam (hKey=0x572500, dwParam=0x1, pbData=0x21eb228, dwFlags=0x0) returned 1 [0124.787] CryptDecrypt (in: hKey=0x572500, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21eb3a8, pdwDataLen=0x14eb00 | out: pbData=0x21eb3a8, pdwDataLen=0x14eb00) returned 1 [0124.787] CryptDecrypt (in: hKey=0x572500, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21eb3f0, pdwDataLen=0x14eaf0 | out: pbData=0x21eb3f0, pdwDataLen=0x14eaf0) returned 0 [0124.787] CryptDestroyKey (hKey=0x5722d0) returned 1 [0124.787] CryptReleaseContext (hProv=0x582be0, dwFlags=0x0) returned 1 [0124.787] CryptReleaseContext (hProv=0x582be0, dwFlags=0x0) returned 1 [0124.787] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x582ee0) returned 1 [0124.788] CryptImportKey (in: hProv=0x582ee0, pbData=0x21eb5f8*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.788] CryptContextAddRef (hProv=0x582ee0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.788] CryptContextAddRef (hProv=0x582ee0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.788] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572420) returned 1 [0124.788] CryptContextAddRef (hProv=0x582ee0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.788] CryptSetKeyParam (hKey=0x572420, dwParam=0x4, pbData=0x21ebf20*=0x1, dwFlags=0x0) returned 1 [0124.788] CryptSetKeyParam (hKey=0x572420, dwParam=0x1, pbData=0x21ebed0, dwFlags=0x0) returned 1 [0124.789] CryptDecrypt (in: hKey=0x572420, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ec050, pdwDataLen=0x14eb00 | out: pbData=0x21ec050, pdwDataLen=0x14eb00) returned 1 [0124.789] CryptDecrypt (in: hKey=0x572420, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21ec098, pdwDataLen=0x14eaf0 | out: pbData=0x21ec098, pdwDataLen=0x14eaf0) returned 0 [0124.789] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.789] CryptReleaseContext (hProv=0x582ee0, dwFlags=0x0) returned 1 [0124.789] CryptReleaseContext (hProv=0x582ee0, dwFlags=0x0) returned 1 [0124.789] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5835e0) returned 1 [0124.789] CryptImportKey (in: hProv=0x5835e0, pbData=0x21ec2d0*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x572650) returned 1 [0124.789] CryptContextAddRef (hProv=0x5835e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.790] CryptContextAddRef (hProv=0x5835e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.790] CryptDuplicateKey (in: hKey=0x572650, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x571c40) returned 1 [0124.790] CryptContextAddRef (hProv=0x5835e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.790] CryptSetKeyParam (hKey=0x571c40, dwParam=0x4, pbData=0x21ecc68*=0x1, dwFlags=0x0) returned 1 [0124.790] CryptSetKeyParam (hKey=0x571c40, dwParam=0x1, pbData=0x21ecc18, dwFlags=0x0) returned 1 [0124.791] CryptDecrypt (in: hKey=0x571c40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ecdd0, pdwDataLen=0x14eb00 | out: pbData=0x21ecdd0, pdwDataLen=0x14eb00) returned 1 [0124.791] CryptDecrypt (in: hKey=0x571c40, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ece50, pdwDataLen=0x14eb00 | out: pbData=0x21ece50, pdwDataLen=0x14eb00) returned 1 [0124.791] CryptDecrypt (in: hKey=0x571c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21ecea0, pdwDataLen=0x14eaf0 | out: pbData=0x21ecea0, pdwDataLen=0x14eaf0) returned 0 [0124.791] CryptDestroyKey (hKey=0x572650) returned 1 [0124.791] CryptReleaseContext (hProv=0x5835e0, dwFlags=0x0) returned 1 [0124.791] CryptReleaseContext (hProv=0x5835e0, dwFlags=0x0) returned 1 [0124.791] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5837e0) returned 1 [0124.791] CryptImportKey (in: hProv=0x5837e0, pbData=0x21ed170*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.792] CryptContextAddRef (hProv=0x5837e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.792] CryptContextAddRef (hProv=0x5837e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.792] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572650) returned 1 [0124.792] CryptContextAddRef (hProv=0x5837e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.792] CryptSetKeyParam (hKey=0x572650, dwParam=0x4, pbData=0x21edaf8*=0x1, dwFlags=0x0) returned 1 [0124.792] CryptSetKeyParam (hKey=0x572650, dwParam=0x1, pbData=0x21edaa8, dwFlags=0x0) returned 1 [0124.792] CryptDecrypt (in: hKey=0x572650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21edc40, pdwDataLen=0x14eb00 | out: pbData=0x21edc40, pdwDataLen=0x14eb00) returned 1 [0124.793] CryptDecrypt (in: hKey=0x572650, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21edcb0, pdwDataLen=0x14eb00 | out: pbData=0x21edcb0, pdwDataLen=0x14eb00) returned 1 [0124.793] CryptDecrypt (in: hKey=0x572650, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21edcf8, pdwDataLen=0x14eaf0 | out: pbData=0x21edcf8, pdwDataLen=0x14eaf0) returned 0 [0124.793] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.793] CryptReleaseContext (hProv=0x5837e0, dwFlags=0x0) returned 1 [0124.793] CryptReleaseContext (hProv=0x5837e0, dwFlags=0x0) returned 1 [0124.793] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5824e0) returned 1 [0124.793] CryptImportKey (in: hProv=0x5824e0, pbData=0x21edf58*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.794] CryptContextAddRef (hProv=0x5824e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.794] CryptContextAddRef (hProv=0x5824e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.794] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572110) returned 1 [0124.794] CryptContextAddRef (hProv=0x5824e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.794] CryptSetKeyParam (hKey=0x572110, dwParam=0x4, pbData=0x21ee880*=0x1, dwFlags=0x0) returned 1 [0124.794] CryptSetKeyParam (hKey=0x572110, dwParam=0x1, pbData=0x21ee830, dwFlags=0x0) returned 1 [0124.795] CryptDecrypt (in: hKey=0x572110, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ee9b0, pdwDataLen=0x14eb00 | out: pbData=0x21ee9b0, pdwDataLen=0x14eb00) returned 1 [0124.795] CryptDecrypt (in: hKey=0x572110, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21ee9f8, pdwDataLen=0x14eaf0 | out: pbData=0x21ee9f8, pdwDataLen=0x14eaf0) returned 0 [0124.795] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.795] CryptReleaseContext (hProv=0x5824e0, dwFlags=0x0) returned 1 [0124.795] CryptReleaseContext (hProv=0x5824e0, dwFlags=0x0) returned 1 [0124.795] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5821e0) returned 1 [0124.795] CryptImportKey (in: hProv=0x5821e0, pbData=0x21eec00*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.795] CryptContextAddRef (hProv=0x5821e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.796] CryptContextAddRef (hProv=0x5821e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.796] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x5726c0) returned 1 [0124.796] CryptContextAddRef (hProv=0x5821e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.796] CryptSetKeyParam (hKey=0x5726c0, dwParam=0x4, pbData=0x21ef528*=0x1, dwFlags=0x0) returned 1 [0124.796] CryptSetKeyParam (hKey=0x5726c0, dwParam=0x1, pbData=0x21ef4d8, dwFlags=0x0) returned 1 [0124.796] CryptDecrypt (in: hKey=0x5726c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21ef658, pdwDataLen=0x14eb00 | out: pbData=0x21ef658, pdwDataLen=0x14eb00) returned 1 [0124.796] CryptDecrypt (in: hKey=0x5726c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21ef6a0, pdwDataLen=0x14eaf0 | out: pbData=0x21ef6a0, pdwDataLen=0x14eaf0) returned 0 [0124.797] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.797] CryptReleaseContext (hProv=0x5821e0, dwFlags=0x0) returned 1 [0124.797] CryptReleaseContext (hProv=0x5821e0, dwFlags=0x0) returned 1 [0124.797] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x582de0) returned 1 [0124.797] CryptImportKey (in: hProv=0x582de0, pbData=0x21ef8a8*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.797] CryptContextAddRef (hProv=0x582de0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.798] CryptContextAddRef (hProv=0x582de0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.798] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572180) returned 1 [0124.798] CryptContextAddRef (hProv=0x582de0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.798] CryptSetKeyParam (hKey=0x572180, dwParam=0x4, pbData=0x21f01d0*=0x1, dwFlags=0x0) returned 1 [0124.798] CryptSetKeyParam (hKey=0x572180, dwParam=0x1, pbData=0x21f0180, dwFlags=0x0) returned 1 [0124.798] CryptDecrypt (in: hKey=0x572180, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f0300, pdwDataLen=0x14eb00 | out: pbData=0x21f0300, pdwDataLen=0x14eb00) returned 1 [0124.798] CryptDecrypt (in: hKey=0x572180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f0348, pdwDataLen=0x14eaf0 | out: pbData=0x21f0348, pdwDataLen=0x14eaf0) returned 0 [0124.799] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.799] CryptReleaseContext (hProv=0x582de0, dwFlags=0x0) returned 1 [0124.799] CryptReleaseContext (hProv=0x582de0, dwFlags=0x0) returned 1 [0124.799] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x582fe0) returned 1 [0124.799] CryptImportKey (in: hProv=0x582fe0, pbData=0x21f0550*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.799] CryptContextAddRef (hProv=0x582fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.800] CryptContextAddRef (hProv=0x582fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.800] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572340) returned 1 [0124.801] CryptContextAddRef (hProv=0x582fe0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.801] CryptSetKeyParam (hKey=0x572340, dwParam=0x4, pbData=0x21f0e78*=0x1, dwFlags=0x0) returned 1 [0124.801] CryptSetKeyParam (hKey=0x572340, dwParam=0x1, pbData=0x21f0e28, dwFlags=0x0) returned 1 [0124.801] CryptDecrypt (in: hKey=0x572340, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f0fa8, pdwDataLen=0x14eb00 | out: pbData=0x21f0fa8, pdwDataLen=0x14eb00) returned 1 [0124.801] CryptDecrypt (in: hKey=0x572340, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f0ff0, pdwDataLen=0x14eaf0 | out: pbData=0x21f0ff0, pdwDataLen=0x14eaf0) returned 0 [0124.801] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.801] CryptReleaseContext (hProv=0x582fe0, dwFlags=0x0) returned 1 [0124.801] CryptReleaseContext (hProv=0x582fe0, dwFlags=0x0) returned 1 [0124.801] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x581ae0) returned 1 [0124.802] CryptImportKey (in: hProv=0x581ae0, pbData=0x21f11f8*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x572260) returned 1 [0124.802] CryptContextAddRef (hProv=0x581ae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.802] CryptContextAddRef (hProv=0x581ae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.802] CryptDuplicateKey (in: hKey=0x572260, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x5722d0) returned 1 [0124.802] CryptContextAddRef (hProv=0x581ae0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.802] CryptSetKeyParam (hKey=0x5722d0, dwParam=0x4, pbData=0x21f1b20*=0x1, dwFlags=0x0) returned 1 [0124.803] CryptSetKeyParam (hKey=0x5722d0, dwParam=0x1, pbData=0x21f1ad0, dwFlags=0x0) returned 1 [0124.803] CryptDecrypt (in: hKey=0x5722d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f1c50, pdwDataLen=0x14eb00 | out: pbData=0x21f1c50, pdwDataLen=0x14eb00) returned 1 [0124.803] CryptDecrypt (in: hKey=0x5722d0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f1c98, pdwDataLen=0x14eaf0 | out: pbData=0x21f1c98, pdwDataLen=0x14eaf0) returned 0 [0124.803] CryptDestroyKey (hKey=0x572260) returned 1 [0124.803] CryptReleaseContext (hProv=0x581ae0, dwFlags=0x0) returned 1 [0124.803] CryptReleaseContext (hProv=0x581ae0, dwFlags=0x0) returned 1 [0124.803] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5826e0) returned 1 [0124.804] CryptImportKey (in: hProv=0x5826e0, pbData=0x21f1ea0*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x571fc0) returned 1 [0124.804] CryptContextAddRef (hProv=0x5826e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.804] CryptContextAddRef (hProv=0x5826e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.804] CryptDuplicateKey (in: hKey=0x571fc0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x572260) returned 1 [0124.804] CryptContextAddRef (hProv=0x5826e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.804] CryptSetKeyParam (hKey=0x572260, dwParam=0x4, pbData=0x21f27c8*=0x1, dwFlags=0x0) returned 1 [0124.804] CryptSetKeyParam (hKey=0x572260, dwParam=0x1, pbData=0x21f2778, dwFlags=0x0) returned 1 [0124.805] CryptDecrypt (in: hKey=0x572260, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f28f8, pdwDataLen=0x14eb00 | out: pbData=0x21f28f8, pdwDataLen=0x14eb00) returned 1 [0124.805] CryptDecrypt (in: hKey=0x572260, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f2940, pdwDataLen=0x14eaf0 | out: pbData=0x21f2940, pdwDataLen=0x14eaf0) returned 0 [0124.805] CryptDestroyKey (hKey=0x571fc0) returned 1 [0124.805] CryptReleaseContext (hProv=0x5826e0, dwFlags=0x0) returned 1 [0124.805] CryptReleaseContext (hProv=0x5826e0, dwFlags=0x0) returned 1 [0124.805] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5836e0) returned 1 [0124.808] CryptImportKey (in: hProv=0x5836e0, pbData=0x21f2b58*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x5723b0) returned 1 [0124.808] CryptContextAddRef (hProv=0x5836e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.808] CryptContextAddRef (hProv=0x5836e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.808] CryptDuplicateKey (in: hKey=0x5723b0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x571fc0) returned 1 [0124.808] CryptContextAddRef (hProv=0x5836e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.808] CryptSetKeyParam (hKey=0x571fc0, dwParam=0x4, pbData=0x21f3490*=0x1, dwFlags=0x0) returned 1 [0124.808] CryptSetKeyParam (hKey=0x571fc0, dwParam=0x1, pbData=0x21f3440, dwFlags=0x0) returned 1 [0124.809] CryptDecrypt (in: hKey=0x571fc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f35b8, pdwDataLen=0x14eb00 | out: pbData=0x21f35b8, pdwDataLen=0x14eb00) returned 1 [0124.809] CryptDecrypt (in: hKey=0x571fc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f3618, pdwDataLen=0x14eb00 | out: pbData=0x21f3618, pdwDataLen=0x14eb00) returned 1 [0124.809] CryptDecrypt (in: hKey=0x571fc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f3660, pdwDataLen=0x14eaf0 | out: pbData=0x21f3660, pdwDataLen=0x14eaf0) returned 0 [0124.809] CryptDestroyKey (hKey=0x5723b0) returned 1 [0124.809] CryptReleaseContext (hProv=0x5836e0, dwFlags=0x0) returned 1 [0124.809] CryptReleaseContext (hProv=0x5836e0, dwFlags=0x0) returned 1 [0124.920] GetUserNameW (in: lpBuffer=0x14e900, pcbBuffer=0x14ec28 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x14ec28) returned 1 [0124.932] GetComputerNameW (in: lpBuffer=0x14e900, nSize=0x14ec28 | out: lpBuffer="XC64ZB", nSize=0x14ec28) returned 1 [0124.970] CoTaskMemAlloc (cb=0x20c) returned 0x575af0 [0124.970] GetSystemDirectoryW (in: lpBuffer=0x575af0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0124.970] CoTaskMemFree (pv=0x575af0) [0124.979] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e510, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0124.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb90) returned 1 [0124.981] GetDiskFreeSpaceExW (in: lpDirectoryName="C:\\", lpFreeBytesAvailableToCaller=0x14ec28, lpTotalNumberOfBytes=0x14ec20, lpTotalNumberOfFreeBytes=0x14ec18 | out: lpFreeBytesAvailableToCaller=0x14ec28, lpTotalNumberOfBytes=0x14ec20, lpTotalNumberOfFreeBytes=0x14ec18) returned 1 [0124.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb40) returned 1 [0124.989] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5829e0) returned 1 [0124.990] CryptImportKey (in: hProv=0x5829e0, pbData=0x21f5e10*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x54e8d0) returned 1 [0124.990] CryptContextAddRef (hProv=0x5829e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.991] CryptContextAddRef (hProv=0x5829e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.991] CryptDuplicateKey (in: hKey=0x54e8d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x54ebe0) returned 1 [0124.991] CryptContextAddRef (hProv=0x5829e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.991] CryptSetKeyParam (hKey=0x54ebe0, dwParam=0x4, pbData=0x21f6898*=0x1, dwFlags=0x0) returned 1 [0124.991] CryptSetKeyParam (hKey=0x54ebe0, dwParam=0x1, pbData=0x21f6848, dwFlags=0x0) returned 1 [0124.991] CryptDecrypt (in: hKey=0x54ebe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f6ae0, pdwDataLen=0x14eb00 | out: pbData=0x21f6ae0, pdwDataLen=0x14eb00) returned 1 [0124.991] CryptDecrypt (in: hKey=0x54ebe0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f6bd0, pdwDataLen=0x14eb00 | out: pbData=0x21f6bd0, pdwDataLen=0x14eb00) returned 1 [0124.991] CryptDecrypt (in: hKey=0x54ebe0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f6c20, pdwDataLen=0x14eaf0 | out: pbData=0x21f6c20, pdwDataLen=0x14eaf0) returned 0 [0124.992] CryptDestroyKey (hKey=0x54e8d0) returned 1 [0124.992] CryptReleaseContext (hProv=0x5829e0, dwFlags=0x0) returned 1 [0124.992] CryptReleaseContext (hProv=0x5829e0, dwFlags=0x0) returned 1 [0124.992] CryptAcquireContextW (in: phProv=0x14eb18, szContainer=0x0, szProvider="Microsoft Enhanced RSA and AES Cryptographic Provider", dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x14eb18*=0x5832e0) returned 1 [0124.992] CryptImportKey (in: hProv=0x5832e0, pbData=0x21f73d0*, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x1, phKey=0x14ead0 | out: phKey=0x14ead0*=0x54e8d0) returned 1 [0124.992] CryptContextAddRef (hProv=0x5832e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.993] CryptContextAddRef (hProv=0x5832e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.993] CryptDuplicateKey (in: hKey=0x54e8d0, pdwReserved=0x0, dwFlags=0x0, phKey=0x14eaa0 | out: phKey=0x14eaa0*=0x1aad8d70) returned 1 [0124.994] CryptContextAddRef (hProv=0x5832e0, pdwReserved=0x0, dwFlags=0x0) returned 1 [0124.994] CryptSetKeyParam (hKey=0x1aad8d70, dwParam=0x4, pbData=0x21f82e8*=0x1, dwFlags=0x0) returned 1 [0124.994] CryptSetKeyParam (hKey=0x1aad8d70, dwParam=0x1, pbData=0x21f8298, dwFlags=0x0) returned 1 [0124.994] CryptDecrypt (in: hKey=0x1aad8d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f89d0, pdwDataLen=0x14eb00 | out: pbData=0x21f89d0, pdwDataLen=0x14eb00) returned 1 [0124.994] CryptDecrypt (in: hKey=0x1aad8d70, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x21f8d10, pdwDataLen=0x14eb00 | out: pbData=0x21f8d10, pdwDataLen=0x14eb00) returned 1 [0124.994] CryptDecrypt (in: hKey=0x1aad8d70, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x21f8d58, pdwDataLen=0x14eaf0 | out: pbData=0x21f8d58, pdwDataLen=0x14eaf0) returned 0 [0124.994] CryptDestroyKey (hKey=0x54e8d0) returned 1 [0124.994] CryptReleaseContext (hProv=0x5832e0, dwFlags=0x0) returned 1 [0124.994] CryptReleaseContext (hProv=0x5832e0, dwFlags=0x0) returned 1 [0125.036] CertDuplicateCertificateContext (pCertContext=0x57e480) returned 0x57e480 [0125.143] LocalAlloc (uFlags=0x0, uBytes=0x2a) returned 0x587cb0 [0125.143] memcpy (in: _Dst=0x587cb0, _Src=0x21f9ba0, _Size=0x2a | out: _Dst=0x587cb0) returned 0x587cb0 [0125.152] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x587cb0, dwGroupId=0x3) returned 0x0 [0125.162] LocalFree (hMem=0x587cb0) returned 0x0 [0125.162] LocalAlloc (uFlags=0x0, uBytes=0x2a) returned 0x1aae5600 [0125.162] memcpy (in: _Dst=0x1aae5600, _Src=0x21f9cd8, _Size=0x2a | out: _Dst=0x1aae5600) returned 0x1aae5600 [0125.162] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x1aae5600, dwGroupId=0x0) returned 0x0 [0125.167] LocalFree (hMem=0x1aae5600) returned 0x0 [0125.170] LocalAlloc (uFlags=0x0, uBytes=0x15) returned 0x1aad8900 [0125.170] memcpy (in: _Dst=0x1aad8900, _Src=0x21fa058, _Size=0x15 | out: _Dst=0x1aad8900) returned 0x1aad8900 [0125.170] CryptFindOIDInfo (dwKeyType=0x1, pvKey=0x1aad8900, dwGroupId=0x0) returned 0x7ffbe6228220 [0125.178] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x13, pbEncoded=0x21f9fb0, cbEncoded=0x8c, dwFlags=0x0, pvStructInfo=0x0, pcbStructInfo=0x14eb34 | out: pvStructInfo=0x0, pcbStructInfo=0x14eb34) returned 1 [0125.178] LocalAlloc (uFlags=0x0, uBytes=0x94) returned 0x55ebb0 [0125.178] CryptDecodeObject (in: dwCertEncodingType=0x10001, lpszStructType=0x13, pbEncoded=0x21f9fb0, cbEncoded=0x8c, dwFlags=0x0, pvStructInfo=0x55ebb0, pcbStructInfo=0x14eb34 | out: pvStructInfo=0x55ebb0, pcbStructInfo=0x14eb34) returned 1 [0125.179] LocalFree (hMem=0x55ebb0) returned 0x0 [0125.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0125.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x45 [0125.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e930) returned 1 [0125.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14ea10 | out: lpFileInformation=0x14ea10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0125.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e8f0) returned 1 [0125.978] CoTaskMemAlloc (cb=0x2e) returned 0x1aae5140 [0125.987] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x1aae5140, dwGroupId=0x1) returned 0x0 [0125.987] CryptFindOIDInfo (dwKeyType=0x2, pvKey=0x1aae5140, dwGroupId=0x0) returned 0x0 [0125.987] CoTaskMemFree (pv=0x1aae5140) [0126.001] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="%q#$w%&e^u%$e^teyrhrxyud&%^*usze^riizuytuezjykxixreyzthdfjgm") returned 0x2f0 [0126.122] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", nBufferLength=0x105, lpBuffer=0x14e5d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", lpFilePart=0x0) returned 0x28 [0126.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", lpFilePart=0x0) returned 0x28 [0126.124] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", dwFileAttributes=0x2) returned 1 [0126.188] GetProcessWindowStation () returned 0xcc [0126.199] GetUserObjectInformationA (in: hObj=0xcc, nIndex=1, pvInfo=0x2229230, nLength=0xc, lpnLengthNeeded=0x14eb70 | out: pvInfo=0x2229230, lpnLengthNeeded=0x14eb70) returned 1 [0126.206] GetActiveWindow () returned 0x0 [0126.422] GetCurrentProcess () returned 0xffffffffffffffff [0126.422] GetCurrentThread () returned 0xfffffffffffffffe [0126.422] GetCurrentProcess () returned 0xffffffffffffffff [0126.431] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x14eb10, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x14eb10*=0x314) returned 1 [0126.437] GetCurrentThreadId () returned 0x12c4 [0126.624] OleInitialize (pvReserved=0x0) returned 0x80010106 [0126.629] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x14eb28 | out: lplpMessageFilter=0x14eb28*=0x0) returned 0x80004021 [0126.645] GetCurrentThreadId () returned 0x12c4 [0126.651] EnumThreadWindows (dwThreadId=0x12c4, lpfn=0x2040aac, lParam=0x0) returned 1 [0126.651] GetActiveWindow () returned 0x0 [0126.653] GetFocus () returned 0x0 [0126.656] MessageBoxW (hWnd=0x0, lpText="If you started this app, you became a victim of RAT. Enjoy :D", lpCaption="", uType=0x0) returned 1 [0128.386] SendMessageW (hWnd=0x0, Msg=0x7, wParam=0x0, lParam=0x0) returned 0x0 [0128.407] SetThreadExecutionState (esFlags=0xffffffff80000003) returned 0x80000000 [0128.447] GetCurrentProcess () returned 0xffffffffffffffff [0128.447] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eb68 | out: TokenHandle=0x14eb68*=0x34c) returned 1 [0128.454] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x14ebf8 | out: TokenInformation=0x0, ReturnLength=0x14ebf8) returned 0 [0128.454] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x586dc0 [0128.454] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x586dc0, TokenInformationLength=0x4, ReturnLength=0x14ebf8 | out: TokenInformation=0x586dc0, ReturnLength=0x14ebf8) returned 1 [0128.456] LocalFree (hMem=0x586dc0) returned 0x0 [0128.457] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x14ec58 | out: phNewToken=0x14ec58*=0x350) returned 1 [0128.458] CheckTokenMembership (in: TokenHandle=0x350, SidToCheck=0x2231ca0*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x14ec60 | out: IsMember=0x14ec60) returned 1 [0128.458] CloseHandle (hObject=0x350) returned 1 [0128.602] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14eb18 | out: phkResult=0x14eb18*=0x348) returned 0x0 [0128.605] RegQueryValueExW (in: hKey=0x348, lpValueName="windir", lpReserved=0x0, lpType=0x14ec58, lpData=0x0, lpcbData=0x14ec50*=0x0 | out: lpType=0x14ec58*=0x0, lpData=0x0, lpcbData=0x14ec50*=0x0) returned 0x2 [0128.606] RegCloseKey (hKey=0x348) returned 0x0 [0128.606] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14ec08 | out: phkResult=0x14ec08*=0x348) returned 0x0 [0128.606] RegOpenKeyExW (in: hKey=0x348, lpSubKey="Classes", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14ec08 | out: phkResult=0x14ec08*=0x350) returned 0x0 [0128.609] RegOpenKeyExW (in: hKey=0x350, lpSubKey="mscfile", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14eb98 | out: phkResult=0x14eb98*=0x0) returned 0x2 [0128.629] EtwEventRegister () returned 0x0 [0128.632] EtwEventSetInformation () returned 0x0 [0128.695] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14ec08 | out: phkResult=0x14ec08*=0x358) returned 0x0 [0128.695] RegOpenKeyExW (in: hKey=0x358, lpSubKey="Classes", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14ec08 | out: phkResult=0x14ec08*=0x35c) returned 0x0 [0128.695] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="ms-settings", ulOptions=0x0, samDesired=0x2001f, phkResult=0x14eb98 | out: phkResult=0x14eb98*=0x0) returned 0x2 [0128.889] GetACP () returned 0x4e4 [0129.029] CoTaskMemAlloc (cb=0xd) returned 0x1aa7d460 [0129.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x223b388, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8 [0129.030] LoadLibraryA (lpLibFileName="kernel32") returned 0x7ffbe6b80000 [0129.030] CoTaskMemFree (pv=0x1aa7d460) [0129.054] CoTaskMemAlloc (cb=0x13) returned 0x1aa7d780 [0129.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualProtect", cchWideChar=14, lpMultiByteStr=0x223b3e0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualProtect", lpUsedDefaultChar=0x0) returned 14 [0129.054] GetProcAddress (hModule=0x7ffbe6b80000, lpProcName="VirtualProtect") returned 0x7ffbe6ba3a90 [0129.054] CoTaskMemFree (pv=0x1aa7d780) [0129.179] CoTaskMemAlloc (cb=0xd) returned 0x1aa7d660 [0129.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="amsi.dll", cchWideChar=8, lpMultiByteStr=0x223bec8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="amsi.dll", lpUsedDefaultChar=0x0) returned 8 [0129.180] LoadLibraryA (lpLibFileName="amsi.dll") returned 0x7ffbdecc0000 [0129.186] CoTaskMemFree (pv=0x1aa7d660) [0129.186] CoTaskMemAlloc (cb=0x13) returned 0x1aa7d580 [0129.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AmsiScanBuffer", cchWideChar=14, lpMultiByteStr=0x223bf80, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AmsiScanBuffer", lpUsedDefaultChar=0x0) returned 14 [0129.186] GetProcAddress (hModule=0x7ffbdecc0000, lpProcName="AmsiScanBuffer") returned 0x7ffbdecc25a0 [0129.186] CoTaskMemFree (pv=0x1aa7d580) [0129.187] VirtualProtect (in: lpAddress=0x7ffbdecc25a0, dwSize=0x6, flNewProtect=0x40, lpflOldProtect=0x14ece0 | out: lpflOldProtect=0x14ece0*=0x20) returned 1 [0129.187] memcpy (in: _Dst=0x7ffbdecc25a0, _Src=0x22397a8, _Size=0x6 | out: _Dst=0x7ffbdecc25a0) returned 0x7ffbdecc25a0 [0130.006] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config", nBufferLength=0x105, lpBuffer=0x14e1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config", lpFilePart=0x0) returned 0x2f [0130.785] GetCurrentProcess () returned 0xffffffffffffffff [0130.785] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e438 | out: TokenHandle=0x14e438*=0x36c) returned 1 [0130.789] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x14de50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\", lpFilePart=0x0) returned 0x30 [0130.793] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e4e0 | out: lpFileInformation=0x14e4e0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0130.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14de70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0130.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fdfbae, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x982bc0b8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x982bc0b8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0130.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14de70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x45 [0130.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e350) returned 1 [0130.800] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x370 [0130.800] GetFileType (hFile=0x370) returned 0x1 [0130.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e2c0) returned 1 [0130.800] GetFileType (hFile=0x370) returned 0x1 [0130.948] GetFileSize (in: hFile=0x370, lpFileSizeHigh=0x14e428 | out: lpFileSizeHigh=0x14e428*=0x0) returned 0x8c8f [0130.948] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e398, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14e398*=0x1000, lpOverlapped=0x0) returned 1 [0130.962] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e178, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14e178*=0x1000, lpOverlapped=0x0) returned 1 [0130.965] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14df68, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14df68*=0x1000, lpOverlapped=0x0) returned 1 [0130.966] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14df68, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14df68*=0x1000, lpOverlapped=0x0) returned 1 [0130.966] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14df68, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14df68*=0x1000, lpOverlapped=0x0) returned 1 [0130.966] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14de28, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14de28*=0x1000, lpOverlapped=0x0) returned 1 [0131.012] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e068, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14e068*=0x1000, lpOverlapped=0x0) returned 1 [0131.014] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14df18, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14df18*=0x1000, lpOverlapped=0x0) returned 1 [0131.014] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14df18, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14df18*=0xc8f, lpOverlapped=0x0) returned 1 [0131.014] ReadFile (in: hFile=0x370, lpBuffer=0x22462d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e038, lpOverlapped=0x0 | out: lpBuffer=0x22462d8*, lpNumberOfBytesRead=0x14e038*=0x0, lpOverlapped=0x0) returned 1 [0131.014] CloseHandle (hObject=0x370) returned 1 [0131.016] GetCurrentProcess () returned 0xffffffffffffffff [0131.016] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e668 | out: TokenHandle=0x14e668*=0x370) returned 1 [0131.016] GetCurrentProcess () returned 0xffffffffffffffff [0131.016] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e668 | out: TokenHandle=0x14e668*=0x374) returned 1 [0131.097] GetCurrentProcess () returned 0xffffffffffffffff [0131.097] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e438 | out: TokenHandle=0x14e438*=0x37c) returned 1 [0131.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e4e0 | out: lpFileInformation=0x14e4e0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config", nBufferLength=0x105, lpBuffer=0x14de70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config", lpFilePart=0x0) returned 0x2f [0131.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e4d8 | out: lpFileInformation=0x14e4d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0131.099] GetCurrentProcess () returned 0xffffffffffffffff [0131.099] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e668 | out: TokenHandle=0x14e668*=0x380) returned 1 [0131.099] GetCurrentProcess () returned 0xffffffffffffffff [0131.099] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e668 | out: TokenHandle=0x14e668*=0x384) returned 1 [0131.117] GetCurrentProcess () returned 0xffffffffffffffff [0131.117] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e3c8 | out: TokenHandle=0x14e3c8*=0x388) returned 1 [0131.198] GetCurrentProcess () returned 0xffffffffffffffff [0131.198] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e3d8 | out: TokenHandle=0x14e3d8*=0x38c) returned 1 [0131.220] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x14e978 | out: lpWSAData=0x14e978) returned 0 [0131.232] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3b0 [0131.244] setsockopt (s=0x3b0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0131.244] closesocket (s=0x3b0) returned 0 [0131.244] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x3b0 [0131.245] setsockopt (s=0x3b0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0131.245] closesocket (s=0x3b0) returned 0 [0131.249] GetCurrentProcess () returned 0xffffffffffffffff [0131.249] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e468 | out: TokenHandle=0x14e468*=0x3b0) returned 1 [0131.254] GetCurrentProcess () returned 0xffffffffffffffff [0131.254] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e478 | out: TokenHandle=0x14e478*=0x3b4) returned 1 [0131.267] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0131.271] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0131.271] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0131.288] SystemFunction041 (in: Memory=0x1aa7cc38, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x1aa7cc38) returned 0x0 [0131.302] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0131.303] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4 [0131.351] GetCurrentProcess () returned 0xffffffffffffffff [0131.351] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e3c8 | out: TokenHandle=0x14e3c8*=0x3cc) returned 1 [0131.354] GetCurrentProcess () returned 0xffffffffffffffff [0131.355] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e3d8 | out: TokenHandle=0x14e3d8*=0x3d0) returned 1 [0131.360] QueryPerformanceFrequency (in: lpFrequency=0x7ffb6d987cf0 | out: lpFrequency=0x7ffb6d987cf0*=100000000) returned 1 [0131.360] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2452605257487) returned 1 [0131.364] GetCurrentProcess () returned 0xffffffffffffffff [0131.364] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e338 | out: TokenHandle=0x14e338*=0x3d4) returned 1 [0131.368] GetCurrentProcess () returned 0xffffffffffffffff [0131.368] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e348 | out: TokenHandle=0x14e348*=0x3d8) returned 1 [0131.374] GetCurrentProcess () returned 0xffffffffffffffff [0131.374] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e848 | out: TokenHandle=0x14e848*=0x3dc) returned 1 [0131.383] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x14c828 | out: phkResult=0x14c828*=0x3e0) returned 0x0 [0131.384] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c878, lpData=0x0, lpcbData=0x14c870*=0x0 | out: lpType=0x14c878*=0x1, lpData=0x0, lpcbData=0x14c870*=0xe) returned 0x0 [0131.384] RegQueryValueExW (in: hKey=0x3e0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x14c878, lpData=0x2277398, lpcbData=0x14c870*=0xe | out: lpType=0x14c878*=0x1, lpData="Client", lpcbData=0x14c870*=0xe) returned 0x0 [0131.384] RegCloseKey (hKey=0x3e0) returned 0x0 [0131.557] CoTaskMemAlloc (cb=0xcd0) returned 0x1aa8f440 [0131.560] RasEnumConnectionsW (in: param_1=0x1aa8f440, param_2=0x14e7f0, param_3=0x14e7f8 | out: param_1=0x1aa8f440, param_2=0x14e7f0, param_3=0x14e7f8) returned 0x0 [0131.619] CoTaskMemFree (pv=0x1aa8f440) [0131.619] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x418 [0131.619] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x41c [0131.621] ioctlsocket (in: s=0x418, cmd=-2147195266, argp=0x14e818 | out: argp=0x14e818) returned 0 [0131.621] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x420 [0131.621] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x424 [0131.621] ioctlsocket (in: s=0x420, cmd=-2147195266, argp=0x14e818 | out: argp=0x14e818) returned 0 [0131.622] WSAIoctl (in: s=0x418, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e7a0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e7a0, lpOverlapped=0x0) returned -1 [0131.675] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e380, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0131.682] WSAEventSelect (s=0x418, hEventObject=0x41c, lNetworkEvents=512) returned 0 [0131.682] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e7a0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e7a0, lpOverlapped=0x0) returned -1 [0131.682] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e380, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0131.683] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0131.683] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x42c [0131.684] RasConnectionNotificationW (param_1=0xffffffffffffffff, param_2=0x42c, param_3=0x3) returned 0x0 [0131.693] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x14e888 | out: phkResult=0x14e888*=0x444) returned 0x0 [0131.694] RegOpenKeyExW (in: hKey=0x444, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7c8 | out: phkResult=0x14e7c8*=0x448) returned 0x0 [0131.694] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c [0131.694] RegNotifyChangeKeyValue (hKey=0x448, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x44c, fAsynchronous=1) returned 0x0 [0131.695] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7d0 | out: phkResult=0x14e7d0*=0x450) returned 0x0 [0131.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0131.696] RegNotifyChangeKeyValue (hKey=0x450, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x454, fAsynchronous=1) returned 0x0 [0131.696] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e7d0 | out: phkResult=0x14e7d0*=0x458) returned 0x0 [0131.696] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0131.696] RegNotifyChangeKeyValue (hKey=0x458, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x45c, fAsynchronous=1) returned 0x0 [0131.696] GetCurrentProcess () returned 0xffffffffffffffff [0131.697] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e758 | out: TokenHandle=0x14e758*=0x460) returned 1 [0131.699] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x14d888 | out: phkResult=0x14d888*=0x464) returned 0x0 [0131.701] RegQueryValueExW (in: hKey=0x464, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x14d8c8, lpData=0x0, lpcbData=0x14d8c0*=0x0 | out: lpType=0x14d8c8*=0x0, lpData=0x0, lpcbData=0x14d8c0*=0x0) returned 0x2 [0131.701] RegCloseKey (hKey=0x464) returned 0x0 [0131.776] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x1aa84620 [0131.789] WinHttpSetTimeouts (hInternet=0x1aa84620, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0131.790] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14e7d0 | out: pProxyConfig=0x14e7d0) returned 1 [0131.941] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x14d8d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.941] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x14d8d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0131.946] EtwEventRegister () returned 0x0 [0131.946] EtwEventSetInformation () returned 0x0 [0131.949] GetCurrentProcess () returned 0xffffffffffffffff [0131.949] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e298 | out: TokenHandle=0x14e298*=0x4b8) returned 1 [0131.952] GetCurrentProcess () returned 0xffffffffffffffff [0131.953] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e2a8 | out: TokenHandle=0x14e2a8*=0x4bc) returned 1 [0131.967] SetEvent (hEvent=0x3c0) returned 1 [0132.028] GetCurrentProcess () returned 0xffffffffffffffff [0132.028] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e178 | out: TokenHandle=0x14e178*=0x4d8) returned 1 [0132.029] GetCurrentProcess () returned 0xffffffffffffffff [0132.029] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e188 | out: TokenHandle=0x14e188*=0x4dc) returned 1 [0132.032] GetTimeZoneInformation (in: lpTimeZoneInformation=0x14e550 | out: lpTimeZoneInformation=0x14e550) returned 0x1 [0132.033] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x14e358 | out: pTimeZoneInformation=0x14e358) returned 0x1 [0132.039] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e328 | out: phkResult=0x14e328*=0x4e0) returned 0x0 [0132.040] RegQueryValueExW (in: hKey=0x4e0, lpValueName="TZI", lpReserved=0x0, lpType=0x14e368, lpData=0x0, lpcbData=0x14e360*=0x0 | out: lpType=0x14e368*=0x3, lpData=0x0, lpcbData=0x14e360*=0x2c) returned 0x0 [0132.041] RegQueryValueExW (in: hKey=0x4e0, lpValueName="TZI", lpReserved=0x0, lpType=0x14e368, lpData=0x2282660, lpcbData=0x14e360*=0x2c | out: lpType=0x14e368*=0x3, lpData=0x2282660*, lpcbData=0x14e360*=0x2c) returned 0x0 [0132.041] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e128 | out: phkResult=0x14e128*=0x0) returned 0x2 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x14e2f8, lpData=0x0, lpcbData=0x14e2f0*=0x0 | out: lpType=0x14e2f8*=0x1, lpData=0x0, lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x14e2f8, lpData=0x2282b60, lpcbData=0x14e2f0*=0x20 | out: lpType=0x14e2f8*=0x1, lpData="@tzres.dll,-320", lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x14e2f8, lpData=0x0, lpcbData=0x14e2f0*=0x0 | out: lpType=0x14e2f8*=0x1, lpData=0x0, lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x14e2f8, lpData=0x2282bd0, lpcbData=0x14e2f0*=0x20 | out: lpType=0x14e2f8*=0x1, lpData="@tzres.dll,-322", lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x14e2f8, lpData=0x0, lpcbData=0x14e2f0*=0x0 | out: lpType=0x14e2f8*=0x1, lpData=0x0, lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.042] RegQueryValueExW (in: hKey=0x4e0, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x14e2f8, lpData=0x2282c40, lpcbData=0x14e2f0*=0x20 | out: lpType=0x14e2f8*=0x1, lpData="@tzres.dll,-321", lpcbData=0x14e2f0*=0x20) returned 0x0 [0132.103] CoTaskMemAlloc (cb=0x20c) returned 0x1aa81dc0 [0132.103] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1aa81dc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.103] CoTaskMemFree (pv=0x1aa81dc0) [0132.104] CoTaskMemAlloc (cb=0x20c) returned 0x1aa850c0 [0132.104] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath=0x1aa850c0, pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340 | out: pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340) returned 1 [0132.109] CoTaskMemFree (pv=0x0) [0132.109] CoTaskMemFree (pv=0x1aa850c0) [0132.109] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0132.113] CoTaskMemAlloc (cb=0x3ec) returned 0x5909f0 [0132.113] LoadStringW (in: hInstance=0x680001, uID=0x140, lpBuffer=0x5909f0, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0132.113] CoTaskMemFree (pv=0x5909f0) [0132.113] FreeLibrary (hLibModule=0x680001) returned 1 [0132.114] CoTaskMemAlloc (cb=0x20c) returned 0x1aa81dc0 [0132.114] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1aa81dc0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.114] CoTaskMemFree (pv=0x1aa81dc0) [0132.114] CoTaskMemAlloc (cb=0x20c) returned 0x1aa84a60 [0132.114] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath=0x1aa84a60, pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340 | out: pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340) returned 1 [0132.116] CoTaskMemFree (pv=0x0) [0132.116] CoTaskMemFree (pv=0x1aa84a60) [0132.116] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0132.117] CoTaskMemAlloc (cb=0x3ec) returned 0x5909f0 [0132.117] LoadStringW (in: hInstance=0x680001, uID=0x142, lpBuffer=0x5909f0, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0132.117] CoTaskMemFree (pv=0x5909f0) [0132.117] FreeLibrary (hLibModule=0x680001) returned 1 [0132.117] CoTaskMemAlloc (cb=0x20c) returned 0x1aa85500 [0132.117] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x1aa85500 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0132.117] CoTaskMemFree (pv=0x1aa85500) [0132.117] CoTaskMemAlloc (cb=0x20c) returned 0x1aa81dc0 [0132.117] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath=0x1aa81dc0, pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340 | out: pwszLanguage=0x0, pcchLanguage=0x14e348, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x14e350, pululEnumerator=0x14e340) returned 1 [0132.118] CoTaskMemFree (pv=0x0) [0132.118] CoTaskMemFree (pv=0x1aa81dc0) [0132.118] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x680001 [0132.119] CoTaskMemAlloc (cb=0x3ec) returned 0x5909f0 [0132.119] LoadStringW (in: hInstance=0x680001, uID=0x141, lpBuffer=0x5909f0, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0132.119] CoTaskMemFree (pv=0x5909f0) [0132.119] FreeLibrary (hLibModule=0x680001) returned 1 [0132.120] RegCloseKey (hKey=0x4e0) returned 0x0 [0132.121] SetEvent (hEvent=0x3c0) returned 1 [0132.135] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x14e7a8 | out: pFixedInfo=0x0, pOutBufLen=0x14e7a8) returned 0x6f [0132.402] LocalAlloc (uFlags=0x0, uBytes=0x258) returned 0x5909f0 [0132.402] GetNetworkParams (in: pFixedInfo=0x5909f0, pOutBufLen=0x14e7a8 | out: pFixedInfo=0x5909f0, pOutBufLen=0x14e7a8) returned 0x0 [0132.416] LocalFree (hMem=0x5909f0) returned 0x0 [0132.422] CoTaskMemAlloc (cb=0x20c) returned 0x1aa82ec0 [0132.422] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x1aa82ec0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0132.422] CoTaskMemFree (pv=0x1aa82ec0) [0132.422] CoTaskMemAlloc (cb=0x20c) returned 0x1aa81dc0 [0132.423] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x1aa81dc0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0132.423] CoTaskMemFree (pv=0x1aa81dc0) [0132.444] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x528 [0132.444] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f8 [0132.445] GetAddrInfoW (in: pNodeName="pastebin.com", pServiceName=0x0, pHints=0x14e608*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14e550 | out: ppResult=0x14e550*=0x1aa7c530*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="pastebin.com", ai_addr=0x5991f0*(sa_family=2, sin_port=0x0, sin_addr="104.20.3.235"), ai_next=0x1aa7c2f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x599130*(sa_family=2, sin_port=0x0, sin_addr="172.67.19.24"), ai_next=0x1aa7c930*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x599290*(sa_family=2, sin_port=0x0, sin_addr="104.20.4.235"), ai_next=0x0)))) returned 0 [0132.582] FreeAddrInfoW (pAddrInfo=0x1aa7c530*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="pastebin.com", ai_addr=0x5991f0*(sa_family=2, sin_port=0x0, sin_addr="104.20.3.235"), ai_next=0x1aa7c2f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x599130*(sa_family=2, sin_port=0x0, sin_addr="172.67.19.24"), ai_next=0x1aa7c930*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x599290*(sa_family=2, sin_port=0x0, sin_addr="104.20.4.235"), ai_next=0x0)))) [0132.585] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x52c [0132.585] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x540 [0132.586] ioctlsocket (in: s=0x52c, cmd=-2147195266, argp=0x14e578 | out: argp=0x14e578) returned 0 [0132.586] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x544 [0132.586] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x548 [0132.586] ioctlsocket (in: s=0x544, cmd=-2147195266, argp=0x14e578 | out: argp=0x14e578) returned 0 [0132.586] WSAIoctl (in: s=0x52c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e500, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e500, lpOverlapped=0x0) returned -1 [0132.586] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e0e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0132.586] WSAEventSelect (s=0x52c, hEventObject=0x540, lNetworkEvents=512) returned 0 [0132.586] WSAIoctl (in: s=0x544, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e500, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e500, lpOverlapped=0x0) returned -1 [0132.586] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e0e0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0132.586] WSAEventSelect (s=0x544, hEventObject=0x548, lNetworkEvents=512) returned 0 [0132.587] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x14e568*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x14e568*=0xc28) returned 0x6f [0132.591] LocalAlloc (uFlags=0x0, uBytes=0xc28) returned 0x59bfa0 [0132.591] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x59bfa0, SizePointer=0x14e568*=0xc28 | out: AdapterAddresses=0x59bfa0*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0x59c2c0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x59c210, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x25, [2]=0x4e, [3]=0xba, [4]=0x9c, [5]=0xc7, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid.Value=0x6008002000000, Luid.Info.Reserved=0x6008002000000, Luid.Info.NetLuidIndex=0x6008002000000, Luid.Info.IfType=0x6008002000000, Dhcpv4Server.lpSockaddr=0x59c160*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x14e568*=0xc28) returned 0x0 [0132.649] LocalFree (hMem=0x59bfa0) returned 0x0 [0132.653] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e558 | out: phkResult=0x14e558*=0x54c) returned 0x0 [0132.653] RegQueryValueExW (in: hKey=0x54c, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x14e598, lpData=0x0, lpcbData=0x14e590*=0x0 | out: lpType=0x14e598*=0x0, lpData=0x0, lpcbData=0x14e590*=0x0) returned 0x2 [0132.654] RegCloseKey (hKey=0x54c) returned 0x0 [0132.655] WSAConnect (in: s=0x528, name=0x2294150*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.3.235"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0132.665] closesocket (s=0x4f8) returned 0 [0132.702] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e338 | out: phkResult=0x14e338*=0x4f8) returned 0x0 [0132.702] RegQueryValueExW (in: hKey=0x4f8, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x14e378, lpData=0x0, lpcbData=0x14e370*=0x0 | out: lpType=0x14e378*=0x4, lpData=0x0, lpcbData=0x14e370*=0x4) returned 0x0 [0132.702] RegQueryValueExW (in: hKey=0x4f8, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x14e378, lpData=0x14e358, lpcbData=0x14e370*=0x4 | out: lpType=0x14e378*=0x4, lpData=0x14e358*=0x1, lpcbData=0x14e370*=0x4) returned 0x0 [0132.704] RegQueryValueExW (in: hKey=0x4f8, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x14e3e8, lpData=0x0, lpcbData=0x14e3e0*=0x0 | out: lpType=0x14e3e8*=0x4, lpData=0x0, lpcbData=0x14e3e0*=0x4) returned 0x0 [0132.706] RegCloseKey (hKey=0x4f8) returned 0x0 [0132.710] GetCurrentProcessId () returned 0x12c0 [0132.720] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14d390 | out: lpLuid=0x14d390*(LowPart=0x14, HighPart=0)) returned 1 [0132.723] GetCurrentProcess () returned 0xffffffffffffffff [0132.724] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14d388 | out: TokenHandle=0x14d388*=0x4f8) returned 1 [0132.724] AdjustTokenPrivileges (in: TokenHandle=0x4f8, DisableAllPrivileges=0, NewState=0x2297818*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0132.724] CloseHandle (hObject=0x4f8) returned 1 [0132.727] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c0) returned 0x4f8 [0132.738] EnumProcessModules (in: hProcess=0x4f8, lphModule=0x2297880, cb=0x200, lpcbNeeded=0x14e340 | out: lphModule=0x2297880, lpcbNeeded=0x14e340) returned 1 [0132.741] GetModuleInformation (in: hProcess=0x4f8, hModule=0xbc0000, lpmodinfo=0x2297af0, cb=0x18 | out: lpmodinfo=0x2297af0*(lpBaseOfDll=0xbc0000, SizeOfImage=0x20000, EntryPoint=0x0)) returned 1 [0132.742] CoTaskMemAlloc (cb=0x804) returned 0x59bfa0 [0132.742] GetModuleBaseNameW (in: hProcess=0x4f8, hModule=0xbc0000, lpBaseName=0x59bfa0, nSize=0x800 | out: lpBaseName="Client.exe") returned 0xa [0132.742] CoTaskMemFree (pv=0x59bfa0) [0132.743] CoTaskMemAlloc (cb=0x804) returned 0x59bfa0 [0132.743] GetModuleFileNameExW (in: hProcess=0x4f8, hModule=0xbc0000, lpFilename=0x59bfa0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe")) returned 0x28 [0132.743] CoTaskMemFree (pv=0x59bfa0) [0132.744] CloseHandle (hObject=0x4f8) returned 1 [0132.747] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", nBufferLength=0x105, lpBuffer=0x14de80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", lpFilePart=0x0) returned 0x28 [0132.747] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e338 | out: phkResult=0x14e338*=0x0) returned 0x2 [0132.790] GetCurrentProcessId () returned 0x12c0 [0132.790] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c0) returned 0x530 [0132.790] EnumProcessModules (in: hProcess=0x530, lphModule=0x229ab98, cb=0x200, lpcbNeeded=0x14e350 | out: lphModule=0x229ab98, lpcbNeeded=0x14e350) returned 1 [0132.792] GetModuleInformation (in: hProcess=0x530, hModule=0xbc0000, lpmodinfo=0x229ae08, cb=0x18 | out: lpmodinfo=0x229ae08*(lpBaseOfDll=0xbc0000, SizeOfImage=0x20000, EntryPoint=0x0)) returned 1 [0132.793] CoTaskMemAlloc (cb=0x804) returned 0x59bfa0 [0132.793] GetModuleBaseNameW (in: hProcess=0x530, hModule=0xbc0000, lpBaseName=0x59bfa0, nSize=0x800 | out: lpBaseName="Client.exe") returned 0xa [0132.793] CoTaskMemFree (pv=0x59bfa0) [0132.793] CoTaskMemAlloc (cb=0x804) returned 0x59bfa0 [0132.793] GetModuleFileNameExW (in: hProcess=0x530, hModule=0xbc0000, lpFilename=0x59bfa0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\client.exe")) returned 0x28 [0132.793] CoTaskMemFree (pv=0x59bfa0) [0132.793] CloseHandle (hObject=0x530) returned 1 [0132.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", nBufferLength=0x105, lpBuffer=0x14de90, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Client.exe", lpFilePart=0x0) returned 0x28 [0132.794] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e348 | out: phkResult=0x14e348*=0x0) returned 0x2 [0132.794] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e348 | out: phkResult=0x14e348*=0x530) returned 0x0 [0132.794] RegQueryValueExW (in: hKey=0x530, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x14e388, lpData=0x0, lpcbData=0x14e380*=0x0 | out: lpType=0x14e388*=0x0, lpData=0x0, lpcbData=0x14e380*=0x0) returned 0x2 [0132.794] RegCloseKey (hKey=0x530) returned 0x0 [0132.810] EnumerateSecurityPackagesW (in: pcPackages=0x14e3b8, ppPackageInfo=0x14e2d0 | out: pcPackages=0x14e3b8, ppPackageInfo=0x14e2d0) returned 0x0 [0132.832] FreeContextBuffer (in: pvContextBuffer=0x59b720 | out: pvContextBuffer=0x59b720) returned 0x0 [0132.841] GetCurrentProcess () returned 0xffffffffffffffff [0132.841] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14df08 | out: TokenHandle=0x14df08*=0x54c) returned 1 [0132.843] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x229d5fc, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x14e070, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x229f688, ptsExpiry=0x14df90 | out: phCredential=0x229f688, ptsExpiry=0x14df90) returned 0x0 [0132.902] InitializeSecurityContextW (in: phCredential=0x14df68, phContext=0x0, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a0358, pfContextAttr=0x229d5c8, ptsExpiry=0x14df60 | out: phNewContext=0x22a0400, pOutput=0x22a0358, pfContextAttr=0x229d5c8, ptsExpiry=0x14df60) returned 0x90312 [0132.903] FreeContextBuffer (in: pvContextBuffer=0x58f1f0 | out: pvContextBuffer=0x58f1f0) returned 0x0 [0132.957] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffbe6b80000 [0132.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x14dfc0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompat", lpUsedDefaultChar=0x0) returned 21 [0132.957] GetProcAddress (hModule=0x7ffbe6b80000, lpProcName="AppPolicyGetClrCompat") returned 0x0 [0132.958] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x7ffbe6b80000 [0132.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x14dfc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageIdat", lpUsedDefaultChar=0x0) returned 19 [0132.958] GetProcAddress (hModule=0x7ffbe6b80000, lpProcName="GetCurrentPackageId") returned 0x7ffbe5f88d40 [0132.958] GetCurrentPackageId () returned 0x3d54 [0132.960] send (s=0x528, buf=0x22a0428*, len=176, flags=0) returned 176 [0132.962] recv (in: s=0x528, buf=0x22a0428, len=5, flags=0 | out: buf=0x22a0428*) returned 5 [0132.970] recv (in: s=0x528, buf=0x22a042d, len=67, flags=0 | out: buf=0x22a042d*) returned 67 [0132.972] InitializeSecurityContextW (in: phCredential=0x14dec8, phContext=0x14dff0, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a1070, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a1090, pfContextAttr=0x229d5c8, ptsExpiry=0x14dec0 | out: phNewContext=0x22a0400, pOutput=0x22a1090, pfContextAttr=0x229d5c8, ptsExpiry=0x14dec0) returned 0x90312 [0132.973] recv (in: s=0x528, buf=0x22a1180, len=5, flags=0 | out: buf=0x22a1180*) returned 5 [0132.973] recv (in: s=0x528, buf=0x22a11a5, len=2526, flags=0 | out: buf=0x22a11a5*) returned 2526 [0132.973] InitializeSecurityContextW (in: phCredential=0x14de18, phContext=0x14df40, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a1c50, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a1c70, pfContextAttr=0x229d5c8, ptsExpiry=0x14de10 | out: phNewContext=0x22a0400, pOutput=0x22a1c70, pfContextAttr=0x229d5c8, ptsExpiry=0x14de10) returned 0x90312 [0132.975] recv (in: s=0x528, buf=0x22a1d60, len=5, flags=0 | out: buf=0x22a1d60*) returned 5 [0132.975] recv (in: s=0x528, buf=0x22a1d85, len=148, flags=0 | out: buf=0x22a1d85*) returned 148 [0132.975] InitializeSecurityContextW (in: phCredential=0x14dd68, phContext=0x14de90, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a1ee8, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a1f08, pfContextAttr=0x229d5c8, ptsExpiry=0x14dd60 | out: phNewContext=0x22a0400, pOutput=0x22a1f08, pfContextAttr=0x229d5c8, ptsExpiry=0x14dd60) returned 0x90312 [0132.975] recv (in: s=0x528, buf=0x22a1ff8, len=5, flags=0 | out: buf=0x22a1ff8*) returned 5 [0132.975] recv (in: s=0x528, buf=0x22a201d, len=4, flags=0 | out: buf=0x22a201d*) returned 4 [0132.976] InitializeSecurityContextW (in: phCredential=0x14dcb8, phContext=0x14dde0, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a20f0, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a2110, pfContextAttr=0x229d5c8, ptsExpiry=0x14dcb0 | out: phNewContext=0x22a0400, pOutput=0x22a2110, pfContextAttr=0x229d5c8, ptsExpiry=0x14dcb0) returned 0x90312 [0133.002] FreeContextBuffer (in: pvContextBuffer=0x1aa99020 | out: pvContextBuffer=0x1aa99020) returned 0x0 [0133.002] send (s=0x528, buf=0x22a21e0*, len=126, flags=0) returned 126 [0133.003] recv (in: s=0x528, buf=0x22a21e0, len=5, flags=0 | out: buf=0x22a21e0*) returned 5 [0133.011] recv (in: s=0x528, buf=0x22a229d, len=202, flags=0 | out: buf=0x22a229d*) returned 202 [0133.011] InitializeSecurityContextW (in: phCredential=0x14dc08, phContext=0x14dd30, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a2430, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a2450, pfContextAttr=0x229d5c8, ptsExpiry=0x14dc00 | out: phNewContext=0x22a0400, pOutput=0x22a2450, pfContextAttr=0x229d5c8, ptsExpiry=0x14dc00) returned 0x90312 [0133.011] recv (in: s=0x528, buf=0x22a2540, len=5, flags=0 | out: buf=0x22a2540*) returned 5 [0133.012] recv (in: s=0x528, buf=0x22a2565, len=1, flags=0 | out: buf=0x22a2565*) returned 1 [0133.012] InitializeSecurityContextW (in: phCredential=0x14db58, phContext=0x14dc80, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a2630, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a2650, pfContextAttr=0x229d5c8, ptsExpiry=0x14db50 | out: phNewContext=0x22a0400, pOutput=0x22a2650, pfContextAttr=0x229d5c8, ptsExpiry=0x14db50) returned 0x90312 [0133.012] recv (in: s=0x528, buf=0x22a2740, len=5, flags=0 | out: buf=0x22a2740*) returned 5 [0133.012] recv (in: s=0x528, buf=0x22a2765, len=40, flags=0 | out: buf=0x22a2765*) returned 40 [0133.012] InitializeSecurityContextW (in: phCredential=0x14daa8, phContext=0x14dbd0, pTargetName=0x22942a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22a2858, Reserved2=0x0, phNewContext=0x22a0400, pOutput=0x22a2878, pfContextAttr=0x229d5c8, ptsExpiry=0x14daa0 | out: phNewContext=0x22a0400, pOutput=0x22a2878, pfContextAttr=0x229d5c8, ptsExpiry=0x14daa0) returned 0x0 [0133.033] QueryContextAttributesW (in: phContext=0x22a0400, ulAttribute=0x4, pBuffer=0x22a29a0 | out: pBuffer=0x22a29a0) returned 0x0 [0133.033] QueryContextAttributesW (in: phContext=0x22a0400, ulAttribute=0x5a, pBuffer=0x22a2a30 | out: pBuffer=0x22a2a30) returned 0x0 [0133.035] QueryContextAttributesW (in: phContext=0x22a0400, ulAttribute=0x53, pBuffer=0x22a2d90 | out: pBuffer=0x22a2d90) returned 0x0 [0133.037] CertDuplicateCertificateContext (pCertContext=0x57f580) returned 0x57f580 [0133.038] CertDuplicateStore (hCertStore=0x58f600) returned 0x58f600 [0133.039] CertEnumCertificatesInStore (hCertStore=0x58f600, pPrevCertContext=0x0) returned 0x57f600 [0133.039] CertDuplicateCertificateContext (pCertContext=0x57f600) returned 0x57f600 [0133.039] CertEnumCertificatesInStore (hCertStore=0x58f600, pPrevCertContext=0x57f600) returned 0x57fa80 [0133.040] CertDuplicateCertificateContext (pCertContext=0x57fa80) returned 0x57fa80 [0133.040] CertEnumCertificatesInStore (hCertStore=0x58f600, pPrevCertContext=0x57fa80) returned 0x57f580 [0133.040] CertDuplicateCertificateContext (pCertContext=0x57f580) returned 0x57f580 [0133.040] CertEnumCertificatesInStore (hCertStore=0x58f600, pPrevCertContext=0x57f580) returned 0x0 [0133.040] CertCloseStore (hCertStore=0x58f600, dwFlags=0x0) returned 1 [0133.040] CertFreeCertificateContext (pCertContext=0x57f580) returned 1 [0133.116] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x58f1f0 [0133.118] CertAddCRLLinkToStore (in: hCertStore=0x58f1f0, pCrlContext=0x57f600, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0133.119] CertAddCRLLinkToStore (in: hCertStore=0x58f1f0, pCrlContext=0x57fa80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0133.119] CertAddCRLLinkToStore (in: hCertStore=0x58f1f0, pCrlContext=0x57f580, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0133.121] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x57f580, pTime=0x14dbc0, hAdditionalStore=0x58f1f0, pChainPara=0x14da58, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x14da40 | out: ppChainContext=0x14da40) returned 1 [0133.130] CertDuplicateCertificateChain (pChainContext=0x5a9bb0) returned 0x5a9bb0 [0133.131] CertDuplicateCertificateContext (pCertContext=0x57f580) returned 0x57f580 [0133.131] CertDuplicateCertificateContext (pCertContext=0x57f880) returned 0x57f880 [0133.132] CertDuplicateCertificateContext (pCertContext=0x57eb00) returned 0x57eb00 [0133.132] CertDuplicateCertificateContext (pCertContext=0x5acab0) returned 0x5acab0 [0133.132] CertFreeCertificateChain (pChainContext=0x5a9bb0) [0133.133] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5a9bb0, pPolicyPara=0x14dd08, pPolicyStatus=0x14dce8 | out: pPolicyStatus=0x14dce8) returned 1 [0133.133] SetLastError (dwErrCode=0x0) [0133.137] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5a9bb0, pPolicyPara=0x14dde8, pPolicyStatus=0x14dd38 | out: pPolicyStatus=0x14dd38) returned 1 [0133.196] CertFreeCertificateChain (pChainContext=0x5a9bb0) [0133.196] CertFreeCertificateContext (pCertContext=0x57f580) returned 1 [0133.201] CoTaskMemAlloc (cb=0x20c) returned 0x1aa82ec0 [0133.201] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x1aa82ec0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0133.201] CoTaskMemFree (pv=0x1aa82ec0) [0133.201] CoTaskMemAlloc (cb=0x20c) returned 0x1aa85500 [0133.201] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x1aa85500, nSize=0x104 | out: lpBuffer="") returned 0x0 [0133.201] CoTaskMemFree (pv=0x1aa85500) [0133.201] CoTaskMemAlloc (cb=0x20c) returned 0x1aa82860 [0133.201] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x1aa82860, nSize=0x104 | out: lpBuffer="") returned 0x0 [0133.201] CoTaskMemFree (pv=0x1aa82860) [0133.201] CoTaskMemAlloc (cb=0x20c) returned 0x1aa81dc0 [0133.201] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x1aa81dc0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0133.201] CoTaskMemFree (pv=0x1aa81dc0) [0133.203] EncryptMessage (in: phContext=0x22a0400, fQOP=0x0, pMessage=0x22acdd8, MessageSeqNo=0x0 | out: pMessage=0x22acdd8) returned 0x0 [0133.203] send (s=0x528, buf=0x22ab828*, len=103, flags=0) returned 103 [0133.223] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0133.224] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0133.268] recv (in: s=0x528, buf=0x22b919d, len=451, flags=0 | out: buf=0x22b919d*) returned 451 [0133.269] DecryptMessage (in: phContext=0x22a0400, pMessage=0x22bd8c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22bd8c0, pfQOP=0x0) returned 0x0 [0133.316] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0133.322] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0133.322] recv (in: s=0x528, buf=0x22b919d, len=29, flags=0 | out: buf=0x22b919d*) returned 29 [0133.322] DecryptMessage (in: phContext=0x22a0400, pMessage=0x22e1ab8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22e1ab8, pfQOP=0x0) returned 0x0 [0133.324] SetEvent (hEvent=0x3c0) returned 1 [0133.335] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0133.341] FreeAddrInfoW (pAddrInfo=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0133.343] WSAConnect (in: s=0x3b8, name=0x22e2588*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0134.942] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0139.969] closesocket (s=0x3b8) returned 0 [0139.970] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0139.970] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0139.970] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0139.971] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2453466339412) returned 1 [0139.972] SetEvent (hEvent=0x3c0) returned 1 [0139.979] select (in: nfds=0, readfds=0x230fe78, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x230fe78, writefds=0x0, exceptfds=0x0) returned 0 [0139.988] EncryptMessage (in: phContext=0x22a0400, fQOP=0x0, pMessage=0x2310210, MessageSeqNo=0x0 | out: pMessage=0x2310210) returned 0x0 [0139.989] send (s=0x528, buf=0x22ab828*, len=79, flags=0) returned 79 [0139.990] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0139.990] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0140.008] recv (in: s=0x528, buf=0x22b919d, len=451, flags=0 | out: buf=0x22b919d*) returned 451 [0140.008] DecryptMessage (in: phContext=0x22a0400, pMessage=0x2310630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2310630, pfQOP=0x0) returned 0x0 [0140.010] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0140.010] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0140.010] recv (in: s=0x528, buf=0x22b919d, len=29, flags=0 | out: buf=0x22b919d*) returned 29 [0140.010] DecryptMessage (in: phContext=0x22a0400, pMessage=0x23319d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23319d0, pfQOP=0x0) returned 0x0 [0140.010] SetEvent (hEvent=0x3c0) returned 1 [0140.011] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0140.047] FreeAddrInfoW (pAddrInfo=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0140.047] WSAConnect (in: s=0x3b8, name=0x2332888*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0141.526] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0146.543] closesocket (s=0x3b8) returned 0 [0146.543] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0146.544] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0146.544] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0146.545] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2454123678533) returned 1 [0146.545] SetEvent (hEvent=0x3c0) returned 1 [0146.546] select (in: nfds=0, readfds=0x236ad48, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x236ad48, writefds=0x0, exceptfds=0x0) returned 0 [0146.546] EncryptMessage (in: phContext=0x22a0400, fQOP=0x0, pMessage=0x236b0e0, MessageSeqNo=0x0 | out: pMessage=0x236b0e0) returned 0x0 [0146.547] send (s=0x528, buf=0x22ab828*, len=79, flags=0) returned 79 [0146.548] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0146.548] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0146.570] recv (in: s=0x528, buf=0x22b919d, len=451, flags=0 | out: buf=0x22b919d*) returned 451 [0146.570] DecryptMessage (in: phContext=0x22a0400, pMessage=0x236b8b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x236b8b0, pfQOP=0x0) returned 0x0 [0146.571] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0146.571] recv (in: s=0x528, buf=0x22b9198, len=5, flags=0 | out: buf=0x22b9198*) returned 5 [0146.572] recv (in: s=0x528, buf=0x22b919d, len=29, flags=0 | out: buf=0x22b919d*) returned 29 [0146.572] DecryptMessage (in: phContext=0x22a0400, pMessage=0x238cc50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x238cc50, pfQOP=0x0) returned 0x0 [0146.572] SetEvent (hEvent=0x3c0) returned 1 [0146.572] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5993d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0146.575] FreeAddrInfoW (pAddrInfo=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5993d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0146.576] WSAConnect (in: s=0x3b8, name=0x238d588*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0148.122] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0153.140] closesocket (s=0x3b8) returned 0 [0153.140] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0153.141] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0153.141] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0153.142] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2454783365228) returned 1 [0153.142] SetEvent (hEvent=0x3c0) returned 1 [0153.143] select (in: nfds=0, readfds=0x2220d20, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2220d20, writefds=0x0, exceptfds=0x0) returned 0 [0153.144] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x2221130, MessageSeqNo=0x0 | out: pMessage=0x2221130) returned 0x0 [0153.144] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0153.147] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0153.147] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0153.170] recv (in: s=0x528, buf=0x2209fc5, len=451, flags=0 | out: buf=0x2209fc5*) returned 451 [0153.170] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2221860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2221860, pfQOP=0x0) returned 0x0 [0153.171] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0153.171] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0153.171] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0153.171] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2242c00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2242c00, pfQOP=0x0) returned 0x0 [0153.171] SetEvent (hEvent=0x3c0) returned 1 [0153.171] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ed0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0153.174] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ed0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0153.174] WSAConnect (in: s=0x3b8, name=0x2243538*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0154.719] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0159.731] closesocket (s=0x3b8) returned 0 [0159.731] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0159.731] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0159.731] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0159.732] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2455442382392) returned 1 [0159.732] SetEvent (hEvent=0x3c0) returned 1 [0159.733] select (in: nfds=0, readfds=0x2281158, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2281158, writefds=0x0, exceptfds=0x0) returned 0 [0159.733] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x22814f0, MessageSeqNo=0x0 | out: pMessage=0x22814f0) returned 0x0 [0159.733] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0159.734] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0159.734] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0159.751] recv (in: s=0x528, buf=0x2209fc5, len=451, flags=0 | out: buf=0x2209fc5*) returned 451 [0159.751] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2281d98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2281d98, pfQOP=0x0) returned 0x0 [0159.751] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0159.751] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0159.751] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0159.751] DecryptMessage (in: phContext=0x21f6890, pMessage=0x22a3138, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22a3138, pfQOP=0x0) returned 0x0 [0159.752] SetEvent (hEvent=0x3c0) returned 1 [0159.752] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0159.754] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0159.754] WSAConnect (in: s=0x3b8, name=0x22a3a70*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0161.232] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0166.244] closesocket (s=0x3b8) returned 0 [0166.245] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0166.246] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0166.246] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0166.247] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2456093890134) returned 1 [0166.247] SetEvent (hEvent=0x3c0) returned 1 [0166.248] select (in: nfds=0, readfds=0x22e6238, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22e6238, writefds=0x0, exceptfds=0x0) returned 0 [0166.249] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x22e65d0, MessageSeqNo=0x0 | out: pMessage=0x22e65d0) returned 0x0 [0166.249] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0166.250] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0166.250] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0166.267] recv (in: s=0x528, buf=0x2209fc5, len=451, flags=0 | out: buf=0x2209fc5*) returned 451 [0166.267] DecryptMessage (in: phContext=0x21f6890, pMessage=0x22e67d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22e67d8, pfQOP=0x0) returned 0x0 [0166.268] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0166.268] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0166.268] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0166.269] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2307b78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2307b78, pfQOP=0x0) returned 0x0 [0166.269] SetEvent (hEvent=0x3c0) returned 1 [0166.269] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0166.273] FreeAddrInfoW (pAddrInfo=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0166.274] WSAConnect (in: s=0x3b8, name=0x23084b0*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0167.932] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0172.960] closesocket (s=0x3b8) returned 0 [0172.961] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0172.962] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0172.962] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0172.963] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2456765498897) returned 1 [0172.963] SetEvent (hEvent=0x3c0) returned 1 [0172.965] select (in: nfds=0, readfds=0x2348ff0, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2348ff0, writefds=0x0, exceptfds=0x0) returned 0 [0172.966] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x2349388, MessageSeqNo=0x0 | out: pMessage=0x2349388) returned 0x0 [0172.966] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0172.968] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0172.968] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0172.987] recv (in: s=0x528, buf=0x2209fc5, len=451, flags=0 | out: buf=0x2209fc5*) returned 451 [0172.988] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2349ca0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2349ca0, pfQOP=0x0) returned 0x0 [0172.989] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0172.989] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0172.989] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0172.989] DecryptMessage (in: phContext=0x21f6890, pMessage=0x236b040, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x236b040, pfQOP=0x0) returned 0x0 [0172.990] SetEvent (hEvent=0x3c0) returned 1 [0172.990] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ff0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0172.994] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ff0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0172.994] WSAConnect (in: s=0x3b8, name=0x236b978*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0174.535] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0179.557] closesocket (s=0x3b8) returned 0 [0179.557] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0179.559] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0179.559] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0179.560] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2457425163099) returned 1 [0179.560] SetEvent (hEvent=0x3c0) returned 1 [0179.561] select (in: nfds=0, readfds=0x23ad8b0, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23ad8b0, writefds=0x0, exceptfds=0x0) returned 0 [0179.561] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x23adc48, MessageSeqNo=0x0 | out: pMessage=0x23adc48) returned 0x0 [0179.561] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0179.562] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0179.562] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0179.584] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0179.584] DecryptMessage (in: phContext=0x21f6890, pMessage=0x23ae3b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23ae3b0, pfQOP=0x0) returned 0x0 [0179.586] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0179.586] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0179.586] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0179.586] DecryptMessage (in: phContext=0x21f6890, pMessage=0x23cf750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23cf750, pfQOP=0x0) returned 0x0 [0179.587] SetEvent (hEvent=0x3c0) returned 1 [0179.587] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5991b0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0179.589] FreeAddrInfoW (pAddrInfo=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5991b0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0179.589] WSAConnect (in: s=0x3b8, name=0x23d0088*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0181.115] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0186.144] closesocket (s=0x3b8) returned 0 [0186.145] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0186.145] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0186.146] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0186.146] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2458083864080) returned 1 [0186.147] SetEvent (hEvent=0x3c0) returned 1 [0186.148] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0) returned -1 [0186.148] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e2d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0186.148] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0186.149] CoTaskMemAlloc (cb=0xcd0) returned 0x1aa961b0 [0186.149] RasEnumConnectionsW (in: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748 | out: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748) returned 0x0 [0186.379] CoTaskMemFree (pv=0x1aa961b0) [0186.414] GetCurrentProcess () returned 0xffffffffffffffff [0186.414] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e698 | out: TokenHandle=0x14e698*=0x350) returned 1 [0186.486] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14e650 | out: pProxyConfig=0x14e650) returned 1 [0186.496] select (in: nfds=0, readfds=0x2404598, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2404598, writefds=0x0, exceptfds=0x0) returned 0 [0186.496] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x2404930, MessageSeqNo=0x0 | out: pMessage=0x2404930) returned 0x0 [0186.497] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0186.497] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0186.498] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0186.559] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0186.559] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2404eb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2404eb0, pfQOP=0x0) returned 0x0 [0186.567] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0186.567] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0186.567] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0186.567] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2234fb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2234fb0, pfQOP=0x0) returned 0x0 [0186.567] SetEvent (hEvent=0x3c0) returned 1 [0186.568] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0186.570] FreeAddrInfoW (pAddrInfo=0x59c670*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0186.570] WSAConnect (in: s=0x3b8, name=0x22358e8*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0188.117] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0193.125] closesocket (s=0x3b8) returned 0 [0193.126] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0193.126] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0193.127] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0193.127] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2458781935043) returned 1 [0193.128] SetEvent (hEvent=0x3c0) returned 1 [0193.129] select (in: nfds=0, readfds=0x2270ab8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2270ab8, writefds=0x0, exceptfds=0x0) returned 0 [0193.130] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x2270e50, MessageSeqNo=0x0 | out: pMessage=0x2270e50) returned 0x0 [0193.130] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0193.131] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0193.131] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0193.151] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0193.151] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2271308, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2271308, pfQOP=0x0) returned 0x0 [0193.152] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0193.153] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0193.153] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0193.153] DecryptMessage (in: phContext=0x21f6890, pMessage=0x22926a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22926a8, pfQOP=0x0) returned 0x0 [0193.153] SetEvent (hEvent=0x3c0) returned 1 [0193.154] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0193.156] FreeAddrInfoW (pAddrInfo=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0193.157] WSAConnect (in: s=0x3b8, name=0x2292fe0*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0194.628] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0199.638] closesocket (s=0x3b8) returned 0 [0199.639] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0199.639] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0199.639] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0199.640] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2459433197985) returned 1 [0199.640] SetEvent (hEvent=0x3c0) returned 1 [0199.641] select (in: nfds=0, readfds=0x22cee90, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22cee90, writefds=0x0, exceptfds=0x0) returned 0 [0199.642] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x22cf228, MessageSeqNo=0x0 | out: pMessage=0x22cf228) returned 0x0 [0199.642] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0199.643] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0199.643] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0199.670] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0199.670] DecryptMessage (in: phContext=0x21f6890, pMessage=0x22cf890, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22cf890, pfQOP=0x0) returned 0x0 [0199.672] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0199.672] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0199.672] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0199.672] DecryptMessage (in: phContext=0x21f6890, pMessage=0x22f0c30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f0c30, pfQOP=0x0) returned 0x0 [0199.672] SetEvent (hEvent=0x3c0) returned 1 [0199.672] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0199.680] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0199.680] WSAConnect (in: s=0x3b8, name=0x22f1568*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0201.035] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0206.077] closesocket (s=0x3b8) returned 0 [0206.079] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0206.079] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0206.079] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0206.080] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2460077221530) returned 1 [0206.080] SetEvent (hEvent=0x3c0) returned 1 [0206.082] select (in: nfds=0, readfds=0x232a610, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x232a610, writefds=0x0, exceptfds=0x0) returned 0 [0206.083] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x232a9a8, MessageSeqNo=0x0 | out: pMessage=0x232a9a8) returned 0x0 [0206.083] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0206.084] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0206.084] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0206.102] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0206.103] DecryptMessage (in: phContext=0x21f6890, pMessage=0x232ae90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x232ae90, pfQOP=0x0) returned 0x0 [0206.104] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0206.104] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0206.104] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0206.104] DecryptMessage (in: phContext=0x21f6890, pMessage=0x234c230, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x234c230, pfQOP=0x0) returned 0x0 [0206.104] SetEvent (hEvent=0x3c0) returned 1 [0206.105] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59cbb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0206.137] FreeAddrInfoW (pAddrInfo=0x59cbb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0206.137] WSAConnect (in: s=0x3b8, name=0x234d0e0*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0207.631] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0212.651] closesocket (s=0x3b8) returned 0 [0212.652] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0212.652] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0212.652] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0212.653] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2460734530872) returned 1 [0212.653] SetEvent (hEvent=0x3c0) returned 1 [0212.655] select (in: nfds=0, readfds=0x2387df8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2387df8, writefds=0x0, exceptfds=0x0) returned 0 [0212.655] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x2388190, MessageSeqNo=0x0 | out: pMessage=0x2388190) returned 0x0 [0212.656] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0212.656] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0212.656] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0212.681] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0212.681] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2388590, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2388590, pfQOP=0x0) returned 0x0 [0212.683] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0212.683] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0212.683] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0212.683] DecryptMessage (in: phContext=0x21f6890, pMessage=0x23a9930, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23a9930, pfQOP=0x0) returned 0x0 [0212.683] SetEvent (hEvent=0x3c0) returned 1 [0212.684] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0212.686] FreeAddrInfoW (pAddrInfo=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0212.686] WSAConnect (in: s=0x3b8, name=0x23aa268*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0214.130] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0219.263] closesocket (s=0x3b8) returned 0 [0219.263] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0219.264] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0219.264] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0219.265] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2461395716742) returned 1 [0219.265] SetEvent (hEvent=0x3c0) returned 1 [0219.266] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0) returned -1 [0219.266] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e2d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0219.266] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0219.267] CoTaskMemAlloc (cb=0xcd0) returned 0x1aa961b0 [0219.267] RasEnumConnectionsW (in: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748 | out: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748) returned 0x0 [0219.311] CoTaskMemFree (pv=0x1aa961b0) [0219.311] GetCurrentProcess () returned 0xffffffffffffffff [0219.311] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e698 | out: TokenHandle=0x14e698*=0x350) returned 1 [0219.313] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14e650 | out: pProxyConfig=0x14e650) returned 1 [0219.408] select (in: nfds=0, readfds=0x23e3170, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23e3170, writefds=0x0, exceptfds=0x0) returned 0 [0219.408] EncryptMessage (in: phContext=0x21f6890, fQOP=0x0, pMessage=0x23e3508, MessageSeqNo=0x0 | out: pMessage=0x23e3508) returned 0x0 [0219.409] send (s=0x528, buf=0x21fc818*, len=79, flags=0) returned 79 [0219.410] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0219.411] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0219.447] recv (in: s=0x528, buf=0x2209fc5, len=452, flags=0 | out: buf=0x2209fc5*) returned 452 [0219.447] DecryptMessage (in: phContext=0x21f6890, pMessage=0x23e3a50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23e3a50, pfQOP=0x0) returned 0x0 [0219.448] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0219.448] recv (in: s=0x528, buf=0x2209fc0, len=5, flags=0 | out: buf=0x2209fc0*) returned 5 [0219.448] recv (in: s=0x528, buf=0x2209fc5, len=29, flags=0 | out: buf=0x2209fc5*) returned 29 [0219.448] DecryptMessage (in: phContext=0x21f6890, pMessage=0x2404df0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2404df0, pfQOP=0x0) returned 0x0 [0219.449] SetEvent (hEvent=0x3c0) returned 1 [0219.449] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59cb70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599210*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0219.452] FreeAddrInfoW (pAddrInfo=0x59cb70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599210*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0219.452] WSAConnect (in: s=0x3b8, name=0x2405750*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0220.932] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0225.945] closesocket (s=0x3b8) returned 0 [0225.946] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0225.946] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0225.946] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0225.947] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2462063887101) returned 1 [0225.947] SetEvent (hEvent=0x3c0) returned 1 [0225.948] select (in: nfds=0, readfds=0x222cc98, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x222cc98, writefds=0x0, exceptfds=0x0) returned 0 [0225.949] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x222d0b8, MessageSeqNo=0x0 | out: pMessage=0x222d0b8) returned 0x0 [0225.949] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0225.950] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0225.950] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0225.972] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0225.972] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x222d6f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x222d6f0, pfQOP=0x0) returned 0x0 [0225.973] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0225.973] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0225.973] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0225.973] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x224eab0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x224eab0, pfQOP=0x0) returned 0x0 [0225.973] SetEvent (hEvent=0x3c0) returned 1 [0225.974] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0225.978] FreeAddrInfoW (pAddrInfo=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0225.978] WSAConnect (in: s=0x3b8, name=0x224f3e8*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0227.636] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0232.655] closesocket (s=0x3b8) returned 0 [0232.655] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0232.656] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0232.656] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0232.656] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2462734818905) returned 1 [0232.656] SetEvent (hEvent=0x3c0) returned 1 [0232.657] select (in: nfds=0, readfds=0x22915b8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22915b8, writefds=0x0, exceptfds=0x0) returned 0 [0232.657] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x2291950, MessageSeqNo=0x0 | out: pMessage=0x2291950) returned 0x0 [0232.657] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0232.658] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0232.658] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0232.677] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0232.677] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2291df0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2291df0, pfQOP=0x0) returned 0x0 [0232.678] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0232.678] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0232.678] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0232.678] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22b31b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22b31b0, pfQOP=0x0) returned 0x0 [0232.678] SetEvent (hEvent=0x3c0) returned 1 [0232.678] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59cb30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0232.680] FreeAddrInfoW (pAddrInfo=0x59cb30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0232.680] WSAConnect (in: s=0x3b8, name=0x22b3ae8*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0234.038] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0239.059] closesocket (s=0x3b8) returned 0 [0239.060] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0239.061] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0239.061] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0239.062] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2463375398122) returned 1 [0239.062] SetEvent (hEvent=0x3c0) returned 1 [0239.064] select (in: nfds=0, readfds=0x22ee590, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22ee590, writefds=0x0, exceptfds=0x0) returned 0 [0239.064] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x22ee928, MessageSeqNo=0x0 | out: pMessage=0x22ee928) returned 0x0 [0239.065] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0239.066] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0239.066] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0239.084] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0239.085] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22eee78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eee78, pfQOP=0x0) returned 0x0 [0239.086] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0239.086] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0239.086] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0239.086] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2310238, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2310238, pfQOP=0x0) returned 0x0 [0239.086] SetEvent (hEvent=0x3c0) returned 1 [0239.087] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c970*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0239.091] FreeAddrInfoW (pAddrInfo=0x59c970*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599030*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0239.091] WSAConnect (in: s=0x3b8, name=0x2310b70*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0240.528] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0245.543] closesocket (s=0x3b8) returned 0 [0245.544] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0245.544] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0245.544] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0245.545] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2464023712649) returned 1 [0245.545] SetEvent (hEvent=0x3c0) returned 1 [0245.546] select (in: nfds=0, readfds=0x234ae10, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x234ae10, writefds=0x0, exceptfds=0x0) returned 0 [0245.547] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x234b1a8, MessageSeqNo=0x0 | out: pMessage=0x234b1a8) returned 0x0 [0245.547] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0245.548] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0245.548] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0245.569] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0245.569] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x234b988, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x234b988, pfQOP=0x0) returned 0x0 [0245.570] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0245.570] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0245.570] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0245.570] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x236cd48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x236cd48, pfQOP=0x0) returned 0x0 [0245.570] SetEvent (hEvent=0x3c0) returned 1 [0245.570] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59ccf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0245.573] FreeAddrInfoW (pAddrInfo=0x59ccf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0245.574] WSAConnect (in: s=0x3b8, name=0x236d680*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0247.115] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0252.129] closesocket (s=0x3b8) returned 0 [0252.129] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0252.130] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0252.130] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0252.130] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2464682221322) returned 1 [0252.130] SetEvent (hEvent=0x3c0) returned 1 [0252.132] select (in: nfds=0, readfds=0x23a56f0, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23a56f0, writefds=0x0, exceptfds=0x0) returned 0 [0252.132] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23a5a88, MessageSeqNo=0x0 | out: pMessage=0x23a5a88) returned 0x0 [0252.132] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0252.133] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0252.133] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0252.151] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0252.152] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23a6188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23a6188, pfQOP=0x0) returned 0x0 [0252.153] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0252.153] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0252.153] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0252.153] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23c7548, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23c7548, pfQOP=0x0) returned 0x0 [0252.153] SetEvent (hEvent=0x3c0) returned 1 [0252.153] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) returned 0 [0252.156] FreeAddrInfoW (pAddrInfo=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599490*(sa_family=2, sin_port=0x0, sin_addr="18.190.63.84"), ai_next=0x0)) [0252.156] WSAConnect (in: s=0x3b8, name=0x23c7e80*(sa_family=2, sin_port=0x4b43, sin_addr="18.190.63.84"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0253.834] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0274.391] closesocket (s=0x3b8) returned 0 [0274.393] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0274.394] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0274.394] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0274.395] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2466908760038) returned 1 [0274.396] SetEvent (hEvent=0x3c0) returned 1 [0274.398] select (in: nfds=0, readfds=0x23eca98, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23eca98, writefds=0x0, exceptfds=0x0) returned 0 [0274.399] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23ece30, MessageSeqNo=0x0 | out: pMessage=0x23ece30) returned 0x0 [0274.399] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0274.402] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0274.402] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0274.463] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0274.463] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23ed480, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23ed480, pfQOP=0x0) returned 0x0 [0274.465] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0274.465] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0274.465] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0274.465] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x240e840, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x240e840, pfQOP=0x0) returned 0x0 [0274.465] SetEvent (hEvent=0x3c0) returned 1 [0274.466] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0274.475] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0274.475] WSAConnect (in: s=0x3b8, name=0x240f178*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0276.066] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0281.087] closesocket (s=0x3b8) returned 0 [0281.087] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0281.087] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0281.087] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0281.088] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2467577973600) returned 1 [0281.088] SetEvent (hEvent=0x3c0) returned 1 [0281.089] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0) returned -1 [0281.089] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e2d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0281.089] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0281.089] CoTaskMemAlloc (cb=0xcd0) returned 0x1aa961b0 [0281.090] RasEnumConnectionsW (in: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748 | out: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748) returned 0x0 [0281.095] CoTaskMemFree (pv=0x1aa961b0) [0281.096] GetCurrentProcess () returned 0xffffffffffffffff [0281.096] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e698 | out: TokenHandle=0x14e698*=0x358) returned 1 [0281.097] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14e650 | out: pProxyConfig=0x14e650) returned 1 [0281.107] select (in: nfds=0, readfds=0x224a3b0, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x224a3b0, writefds=0x0, exceptfds=0x0) returned 0 [0281.107] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x224a748, MessageSeqNo=0x0 | out: pMessage=0x224a748) returned 0x0 [0281.107] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0281.108] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0281.108] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0281.133] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0281.133] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x224add0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x224add0, pfQOP=0x0) returned 0x0 [0281.134] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0281.135] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0281.135] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0281.135] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x226c190, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x226c190, pfQOP=0x0) returned 0x0 [0281.135] SetEvent (hEvent=0x3c0) returned 1 [0281.135] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0281.138] FreeAddrInfoW (pAddrInfo=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0281.138] WSAConnect (in: s=0x3b8, name=0x226caf0*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0282.628] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0287.635] closesocket (s=0x3b8) returned 0 [0287.636] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0287.636] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0287.636] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0287.636] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2468232860983) returned 1 [0287.637] SetEvent (hEvent=0x3c0) returned 1 [0287.638] select (in: nfds=0, readfds=0x22a6718, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22a6718, writefds=0x0, exceptfds=0x0) returned 0 [0287.638] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x22a6ab0, MessageSeqNo=0x0 | out: pMessage=0x22a6ab0) returned 0x0 [0287.639] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0287.639] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0287.639] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0287.657] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0287.657] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22a6cb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22a6cb8, pfQOP=0x0) returned 0x0 [0287.658] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0287.658] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0287.659] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0287.659] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22c8078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22c8078, pfQOP=0x0) returned 0x0 [0287.659] SetEvent (hEvent=0x3c0) returned 1 [0287.659] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599250*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0287.661] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599250*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0287.661] WSAConnect (in: s=0x3b8, name=0x22c89b0*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0289.105] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0294.116] closesocket (s=0x3b8) returned 0 [0294.117] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0294.117] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0294.117] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0294.118] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2468880965449) returned 1 [0294.118] SetEvent (hEvent=0x3c0) returned 1 [0294.119] select (in: nfds=0, readfds=0x2303f20, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2303f20, writefds=0x0, exceptfds=0x0) returned 0 [0294.119] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23042b8, MessageSeqNo=0x0 | out: pMessage=0x23042b8) returned 0x0 [0294.119] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0294.120] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.120] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0294.137] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0294.137] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2304860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2304860, pfQOP=0x0) returned 0x0 [0294.138] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.138] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0294.138] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0294.138] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2325c20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2325c20, pfQOP=0x0) returned 0x0 [0294.138] SetEvent (hEvent=0x3c0) returned 1 [0294.139] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0294.142] FreeAddrInfoW (pAddrInfo=0x59c8b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0294.142] WSAConnect (in: s=0x3b8, name=0x2326558*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0295.743] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0300.759] closesocket (s=0x3b8) returned 0 [0300.759] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0300.760] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0300.760] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0300.761] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2469545268887) returned 1 [0300.761] SetEvent (hEvent=0x3c0) returned 1 [0300.762] select (in: nfds=0, readfds=0x235ee38, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x235ee38, writefds=0x0, exceptfds=0x0) returned 0 [0300.762] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x235f1d0, MessageSeqNo=0x0 | out: pMessage=0x235f1d0) returned 0x0 [0300.763] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0300.763] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.763] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0300.780] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0300.780] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x235f3d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x235f3d8, pfQOP=0x0) returned 0x0 [0300.782] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.782] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0300.782] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0300.782] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2380798, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2380798, pfQOP=0x0) returned 0x0 [0300.782] SetEvent (hEvent=0x3c0) returned 1 [0300.782] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0300.785] FreeAddrInfoW (pAddrInfo=0x59ccb0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x5990d0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0300.785] WSAConnect (in: s=0x3b8, name=0x23810d0*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0302.334] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0307.339] closesocket (s=0x3b8) returned 0 [0307.340] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0307.340] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0307.340] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0307.341] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2470203274083) returned 1 [0307.341] SetEvent (hEvent=0x3c0) returned 1 [0307.342] select (in: nfds=0, readfds=0x23b9638, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23b9638, writefds=0x0, exceptfds=0x0) returned 0 [0307.343] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23b99d0, MessageSeqNo=0x0 | out: pMessage=0x23b99d0) returned 0x0 [0307.343] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0307.344] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0307.344] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0307.363] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0307.363] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23b9f48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23b9f48, pfQOP=0x0) returned 0x0 [0307.364] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0307.364] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0307.365] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0307.365] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23db308, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23db308, pfQOP=0x0) returned 0x0 [0307.365] SetEvent (hEvent=0x3c0) returned 1 [0307.365] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ed0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0307.368] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598ed0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0307.368] WSAConnect (in: s=0x3b8, name=0x23dbc40*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0308.944] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0313.961] closesocket (s=0x3b8) returned 0 [0313.962] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0313.962] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0313.962] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0313.963] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2470865537532) returned 1 [0313.964] SetEvent (hEvent=0x3c0) returned 1 [0313.966] select (in: nfds=0, readfds=0x24136f8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x24136f8, writefds=0x0, exceptfds=0x0) returned 0 [0313.966] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x2413a90, MessageSeqNo=0x0 | out: pMessage=0x2413a90) returned 0x0 [0313.966] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0313.967] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0313.967] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0313.989] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0313.989] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2413de0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2413de0, pfQOP=0x0) returned 0x0 [0314.001] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0314.001] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0314.001] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0314.001] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22363d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22363d0, pfQOP=0x0) returned 0x0 [0314.002] SetEvent (hEvent=0x3c0) returned 1 [0314.002] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0314.005] FreeAddrInfoW (pAddrInfo=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0314.005] WSAConnect (in: s=0x3b8, name=0x2236d08*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0315.452] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0320.463] closesocket (s=0x3b8) returned 0 [0320.464] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0320.464] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0320.464] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0320.465] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2471515710341) returned 1 [0320.465] SetEvent (hEvent=0x3c0) returned 1 [0320.466] select (in: nfds=0, readfds=0x2270e00, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2270e00, writefds=0x0, exceptfds=0x0) returned 0 [0320.467] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x2271198, MessageSeqNo=0x0 | out: pMessage=0x2271198) returned 0x0 [0320.467] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0320.469] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0320.469] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0320.486] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0320.487] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22715f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22715f0, pfQOP=0x0) returned 0x0 [0320.488] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0320.488] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0320.488] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0320.488] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22929b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22929b0, pfQOP=0x0) returned 0x0 [0320.488] SetEvent (hEvent=0x3c0) returned 1 [0320.488] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0320.492] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598eb0*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0320.492] WSAConnect (in: s=0x3b8, name=0x22932e8*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0321.949] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0326.968] closesocket (s=0x3b8) returned 0 [0326.968] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0326.968] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0326.968] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0326.969] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2472166074867) returned 1 [0326.969] SetEvent (hEvent=0x3c0) returned 1 [0326.970] select (in: nfds=0, readfds=0x22cf9c0, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x22cf9c0, writefds=0x0, exceptfds=0x0) returned 0 [0326.970] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x22cfd58, MessageSeqNo=0x0 | out: pMessage=0x22cfd58) returned 0x0 [0326.970] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0326.971] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0326.971] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0326.990] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0326.990] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22d0360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22d0360, pfQOP=0x0) returned 0x0 [0326.991] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0326.991] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0326.991] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0326.991] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x22f1720, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f1720, pfQOP=0x0) returned 0x0 [0326.991] SetEvent (hEvent=0x3c0) returned 1 [0326.992] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) returned 0 [0326.994] FreeAddrInfoW (pAddrInfo=0x59c5f0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e70*(sa_family=2, sin_port=0x0, sin_addr="3.135.250.11"), ai_next=0x0)) [0326.994] WSAConnect (in: s=0x3b8, name=0x22f2058*(sa_family=2, sin_port=0x4b43, sin_addr="3.135.250.11"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0328.437] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0334.024] closesocket (s=0x3b8) returned 0 [0334.025] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0334.025] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0334.025] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0334.025] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2472871749656) returned 1 [0334.025] SetEvent (hEvent=0x3c0) returned 1 [0334.027] select (in: nfds=0, readfds=0x232c2a8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x232c2a8, writefds=0x0, exceptfds=0x0) returned 0 [0334.027] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x232c640, MessageSeqNo=0x0 | out: pMessage=0x232c640) returned 0x0 [0334.027] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0334.028] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0334.028] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0334.048] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0334.048] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x232cde8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x232cde8, pfQOP=0x0) returned 0x0 [0334.049] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0334.049] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0334.049] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0334.049] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x234e1a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x234e1a8, pfQOP=0x0) returned 0x0 [0334.049] SetEvent (hEvent=0x3c0) returned 1 [0334.049] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) returned 0 [0334.063] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) [0334.064] WSAConnect (in: s=0x3b8, name=0x234ec18*(sa_family=2, sin_port=0x4b43, sin_addr="3.12.245.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0335.520] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0340.542] closesocket (s=0x3b8) returned 0 [0340.543] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0340.544] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0340.544] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0340.545] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2473523694826) returned 1 [0340.545] SetEvent (hEvent=0x3c0) returned 1 [0340.546] WSAIoctl (in: s=0x420, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x14e6f0, lpOverlapped=0x0) returned -1 [0340.546] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x14e2d0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0340.546] WSAEventSelect (s=0x420, hEventObject=0x424, lNetworkEvents=512) returned 0 [0340.547] CoTaskMemAlloc (cb=0xcd0) returned 0x1aa961b0 [0340.547] RasEnumConnectionsW (in: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748 | out: param_1=0x1aa961b0, param_2=0x14e740, param_3=0x14e748) returned 0x0 [0340.552] CoTaskMemFree (pv=0x1aa961b0) [0340.553] GetCurrentProcess () returned 0xffffffffffffffff [0340.553] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e698 | out: TokenHandle=0x14e698*=0x350) returned 1 [0340.555] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x14e650 | out: pProxyConfig=0x14e650) returned 1 [0340.626] select (in: nfds=0, readfds=0x2388058, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x2388058, writefds=0x0, exceptfds=0x0) returned 0 [0340.626] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23883f0, MessageSeqNo=0x0 | out: pMessage=0x23883f0) returned 0x0 [0340.626] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0340.628] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0340.628] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0340.649] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0340.650] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x2388878, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2388878, pfQOP=0x0) returned 0x0 [0340.650] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0340.650] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0340.651] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0340.651] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23a9c38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23a9c38, pfQOP=0x0) returned 0x0 [0340.651] SetEvent (hEvent=0x3c0) returned 1 [0340.651] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59cb30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) returned 0 [0340.655] FreeAddrInfoW (pAddrInfo=0x59cb30*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) [0340.655] WSAConnect (in: s=0x3b8, name=0x23aa598*(sa_family=2, sin_port=0x4b43, sin_addr="3.12.245.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0342.208] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0347.217] closesocket (s=0x3b8) returned 0 [0347.217] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0347.217] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0347.217] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0347.217] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2474190959759) returned 1 [0347.218] SetEvent (hEvent=0x3c0) returned 1 [0347.219] select (in: nfds=0, readfds=0x23e8a28, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x23e8a28, writefds=0x0, exceptfds=0x0) returned 0 [0347.219] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x23e8dc0, MessageSeqNo=0x0 | out: pMessage=0x23e8dc0) returned 0x0 [0347.219] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0347.220] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0347.220] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0347.241] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0347.241] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x23e8fc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x23e8fc8, pfQOP=0x0) returned 0x0 [0347.241] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0347.242] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0347.242] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0347.242] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x240a388, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x240a388, pfQOP=0x0) returned 0x0 [0347.242] SetEvent (hEvent=0x3c0) returned 1 [0347.242] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599210*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) returned 0 [0347.245] FreeAddrInfoW (pAddrInfo=0x59c5b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x599210*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) [0347.245] WSAConnect (in: s=0x3b8, name=0x240acc0*(sa_family=2, sin_port=0x4b43, sin_addr="3.12.245.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned -1 [0348.930] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x274d, dwLanguageId=0x0, lpBuffer=0x14e740, nSize=0x101, Arguments=0x0 | out: lpBuffer="No connection could be made because the target machine actively refused it.\r\n") returned 0x4d [0353.947] closesocket (s=0x3b8) returned 0 [0353.949] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x3b8 [0353.951] setsockopt (s=0x3b8, level=65535, optname=4098, optval="", optlen=4) returned 0 [0353.951] setsockopt (s=0x3b8, level=65535, optname=4097, optval="", optlen=4) returned 0 [0353.955] QueryPerformanceCounter (in: lpPerformanceCount=0x14ea88 | out: lpPerformanceCount=0x14ea88*=2474864688334) returned 1 [0353.955] SetEvent (hEvent=0x3c0) returned 1 [0353.958] select (in: nfds=0, readfds=0x225d1d8, writefds=0x0, exceptfds=0x0, timeout=0x14e8d8*(tv_sec=0, tv_usec=0) | out: readfds=0x225d1d8, writefds=0x0, exceptfds=0x0) returned 0 [0353.959] EncryptMessage (in: phContext=0x21f5b98, fQOP=0x0, pMessage=0x225d570, MessageSeqNo=0x0 | out: pMessage=0x225d570) returned 0x0 [0353.960] send (s=0x528, buf=0x21fb6e8*, len=79, flags=0) returned 79 [0353.962] setsockopt (s=0x528, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0353.962] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0354.008] recv (in: s=0x528, buf=0x2208e95, len=452, flags=0 | out: buf=0x2208e95*) returned 452 [0354.009] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x225d778, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x225d778, pfQOP=0x0) returned 0x0 [0354.011] setsockopt (s=0x528, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0354.011] recv (in: s=0x528, buf=0x2208e90, len=5, flags=0 | out: buf=0x2208e90*) returned 5 [0354.011] recv (in: s=0x528, buf=0x2208e95, len=29, flags=0 | out: buf=0x2208e95*) returned 29 [0354.011] DecryptMessage (in: phContext=0x21f5b98, pMessage=0x227eb38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x227eb38, pfQOP=0x0) returned 0x0 [0354.011] SetEvent (hEvent=0x3c0) returned 1 [0354.012] GetAddrInfoW (in: pNodeName="0.tcp.ngrok.io", pServiceName=0x0, pHints=0x14eb08*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x14ea50 | out: ppResult=0x14ea50*=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) returned 0 [0354.025] FreeAddrInfoW (pAddrInfo=0x59c0b0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="0.tcp.ngrok.io", ai_addr=0x598e90*(sa_family=2, sin_port=0x0, sin_addr="3.12.245.36"), ai_next=0x0)) [0354.025] WSAConnect (s=0x3b8, name=0x227f470*(sa_family=2, sin_port=0x4b43, sin_addr="3.12.245.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0) Thread: id = 2 os_tid = 0x12c8 Thread: id = 3 os_tid = 0x12cc Thread: id = 4 os_tid = 0x12d0 [0118.588] CoGetContextToken (in: pToken=0x1a72f300 | out: pToken=0x1a72f300) returned 0x0 [0118.588] CObjectContext::QueryInterface () returned 0x0 [0118.588] CObjectContext::GetCurrentThreadType () returned 0x0 [0118.588] Release () returned 0x0 [0118.588] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0118.588] RoInitialize () returned 0x1 [0118.588] RoUninitialize () returned 0x0 [0151.610] CloseHandle (hObject=0x34c) returned 1 [0151.611] LocalFree (hMem=0x1aad8900) returned 0x0 [0151.611] CloseHandle (hObject=0x3dc) returned 1 [0151.611] CryptDestroyKey (hKey=0x1aad8d70) returned 1 [0151.612] CryptReleaseContext (hProv=0x5832e0, dwFlags=0x0) returned 1 [0151.612] CryptReleaseContext (hProv=0x5832e0, dwFlags=0x0) returned 1 [0151.612] CloseHandle (hObject=0x3d8) returned 1 [0151.612] CertCloseStore (hCertStore=0x58f1f0, dwFlags=0x0) returned 1 [0151.612] CryptDestroyKey (hKey=0x54ebe0) returned 1 [0151.612] CryptReleaseContext (hProv=0x5829e0, dwFlags=0x0) returned 1 [0151.613] CryptReleaseContext (hProv=0x5829e0, dwFlags=0x0) returned 1 [0151.613] CloseHandle (hObject=0x3d4) returned 1 [0151.616] CloseHandle (hObject=0x4b8) returned 1 [0151.617] CloseHandle (hObject=0x3d0) returned 1 [0151.617] CryptDestroyKey (hKey=0x571fc0) returned 1 [0151.617] CryptReleaseContext (hProv=0x5836e0, dwFlags=0x0) returned 1 [0151.617] CryptReleaseContext (hProv=0x5836e0, dwFlags=0x0) returned 1 [0151.617] CloseHandle (hObject=0x3cc) returned 1 [0151.617] CryptDestroyKey (hKey=0x572260) returned 1 [0151.617] CryptReleaseContext (hProv=0x5826e0, dwFlags=0x0) returned 1 [0151.617] CryptReleaseContext (hProv=0x5826e0, dwFlags=0x0) returned 1 [0151.618] SysStringLen (param_1="୺쯜麷鸅虀︱\旚⣔㔀㘀＀⧿ ㄀＀⋿) returned 0x10 [0151.618] CryptDestroyKey (hKey=0x5722d0) returned 1 [0151.618] CryptReleaseContext (hProv=0x581ae0, dwFlags=0x0) returned 1 [0151.618] CryptReleaseContext (hProv=0x581ae0, dwFlags=0x0) returned 1 [0151.618] CertFreeCertificateContext (pCertContext=0x57f580) returned 1 [0151.618] CryptDestroyKey (hKey=0x572340) returned 1 [0151.618] CryptReleaseContext (hProv=0x582fe0, dwFlags=0x0) returned 1 [0151.619] CryptReleaseContext (hProv=0x582fe0, dwFlags=0x0) returned 1 [0151.619] CloseHandle (hObject=0x3b4) returned 1 [0151.619] CryptDestroyKey (hKey=0x572180) returned 1 [0151.619] CryptReleaseContext (hProv=0x582de0, dwFlags=0x0) returned 1 [0151.619] CryptReleaseContext (hProv=0x582de0, dwFlags=0x0) returned 1 [0151.619] CloseHandle (hObject=0x3b0) returned 1 [0151.619] CryptDestroyKey (hKey=0x5726c0) returned 1 [0151.620] CryptReleaseContext (hProv=0x5821e0, dwFlags=0x0) returned 1 [0151.620] CryptReleaseContext (hProv=0x5821e0, dwFlags=0x0) returned 1 [0151.620] CertFreeCertificateContext (pCertContext=0x57fa80) returned 1 [0151.620] CryptDestroyKey (hKey=0x572110) returned 1 [0151.620] CryptReleaseContext (hProv=0x5824e0, dwFlags=0x0) returned 1 [0151.620] CryptReleaseContext (hProv=0x5824e0, dwFlags=0x0) returned 1 [0151.620] CloseHandle (hObject=0x38c) returned 1 [0151.621] CryptDestroyKey (hKey=0x572650) returned 1 [0151.621] CryptReleaseContext (hProv=0x5837e0, dwFlags=0x0) returned 1 [0151.621] CryptReleaseContext (hProv=0x5837e0, dwFlags=0x0) returned 1 [0151.621] CloseHandle (hObject=0x388) returned 1 [0151.621] CryptDestroyKey (hKey=0x571c40) returned 1 [0151.621] CryptReleaseContext (hProv=0x5835e0, dwFlags=0x0) returned 1 [0151.621] CryptReleaseContext (hProv=0x5835e0, dwFlags=0x0) returned 1 [0151.621] CloseHandle (hObject=0x54c) returned 1 [0151.622] CloseHandle (hObject=0x384) returned 1 [0151.622] CryptDestroyKey (hKey=0x572420) returned 1 [0151.622] CryptReleaseContext (hProv=0x582ee0, dwFlags=0x0) returned 1 [0151.622] CryptReleaseContext (hProv=0x582ee0, dwFlags=0x0) returned 1 [0151.622] CloseHandle (hObject=0x380) returned 1 [0151.622] CryptDestroyKey (hKey=0x572500) returned 1 [0151.622] CryptReleaseContext (hProv=0x582be0, dwFlags=0x0) returned 1 [0151.622] CryptReleaseContext (hProv=0x582be0, dwFlags=0x0) returned 1 [0151.623] CertFreeCertificateContext (pCertContext=0x57f600) returned 1 [0151.623] CloseHandle (hObject=0x37c) returned 1 [0151.623] CryptDestroyKey (hKey=0x571f50) returned 1 [0151.623] CryptReleaseContext (hProv=0x5833e0, dwFlags=0x0) returned 1 [0151.623] CryptReleaseContext (hProv=0x5833e0, dwFlags=0x0) returned 1 [0151.624] CloseHandle (hObject=0x374) returned 1 [0151.624] CryptDestroyKey (hKey=0x571d20) returned 1 [0151.624] CryptReleaseContext (hProv=0x5834e0, dwFlags=0x0) returned 1 [0151.624] CryptReleaseContext (hProv=0x5834e0, dwFlags=0x0) returned 1 [0151.624] CloseHandle (hObject=0x4dc) returned 1 [0151.624] CloseHandle (hObject=0x370) returned 1 [0151.625] CryptDestroyKey (hKey=0x571bd0) returned 1 [0151.625] CryptReleaseContext (hProv=0x5822e0, dwFlags=0x0) returned 1 [0151.625] CryptReleaseContext (hProv=0x5822e0, dwFlags=0x0) returned 1 [0151.625] CloseHandle (hObject=0x4d8) returned 1 [0151.625] SysStringLen (param_1="p.ngrok.") returned 0x8 [0151.625] CloseHandle (hObject=0x36c) returned 1 [0151.625] CloseHandle (hObject=0x4bc) returned 1 [0151.626] SysStringLen (param_1="ରX") returned 0x8 [0151.626] RegCloseKey (hKey=0x35c) returned 0x0 [0151.626] RegCloseKey (hKey=0x358) returned 0x0 [0151.626] RegCloseKey (hKey=0x350) returned 0x0 [0151.627] RegCloseKey (hKey=0x348) returned 0x0 [0151.627] CertFreeCertificateContext (pCertContext=0x5acab0) returned 1 [0151.628] CertFreeCertificateContext (pCertContext=0x57eb00) returned 1 [0151.628] CertFreeCertificateContext (pCertContext=0x57f880) returned 1 [0151.628] CertFreeCertificateContext (pCertContext=0x57f580) returned 1 [0186.565] SysStringLen (param_1="ᄄ﷼か؍⨉䢆č") returned 0x8 [0186.566] SysStringLen (param_1="") returned 0x8 [0186.566] SysStringLen (param_1="") returned 0x8 [0186.566] CloseHandle (hObject=0x350) returned 1 [0186.566] SysStringLen (param_1="綑淠㗕踰䍞") returned 0x8 [0186.566] SysStringLen (param_1="") returned 0x8 [0222.978] SysStringLen (param_1="") returned 0x8 [0222.986] SysStringLen (param_1="䵌䵅\x08") returned 0x8 [0222.986] CloseHandle (hObject=0x350) returned 1 [0222.986] SysStringLen (param_1="") returned 0x8 [0222.987] SysStringLen (param_1="ɀX") returned 0x8 [0222.987] SysStringLen (param_1="sterAdap") returned 0x8 [0222.987] SysStringLen (param_1="Director") returned 0x8 [0274.827] SysStringLen (param_1="p.ngrok.") returned 0x8 [0274.827] SysStringLen (param_1="rpc:[nts") returned 0x8 [0274.827] SysStringLen (param_1="༁ ƂȊƂ\x01໚駦") returned 0x8 [0274.827] SysStringLen (param_1="") returned 0x8 [0274.827] SysStringLen (param_1="p.ngrok.") returned 0x8 [0313.999] CloseHandle (hObject=0x358) returned 1 [0313.999] SysStringLen (param_1="") returned 0x8 [0313.999] SysStringLen (param_1="p.ngrok.") returned 0x8 [0314.000] SysStringLen (param_1="p.ngrok.") returned 0x8 [0314.000] SysStringLen (param_1="p.ngrok.") returned 0x8 [0314.000] SysStringLen (param_1="p.ngrok.") returned 0x8 [0348.471] SysStringLen (param_1="p.ngrok.") returned 0x8 [0348.471] CloseHandle (hObject=0x350) returned 1 [0348.471] SysStringLen (param_1="p.ngrok.") returned 0x8 [0348.471] SysStringLen (param_1="઀X") returned 0x8 [0348.471] SysStringLen (param_1="p.ngrok.") returned 0x8 Thread: id = 5 os_tid = 0x133c [0126.023] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0126.023] RoInitialize () returned 0x1 [0126.023] RoUninitialize () returned 0x0 [0126.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x310 [0126.167] Process32First (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.170] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0126.171] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0126.173] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.179] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0126.193] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.207] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0126.443] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0126.444] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0126.445] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.447] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.448] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0126.449] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.451] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.452] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.453] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.454] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.455] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.456] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.458] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0126.459] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0126.460] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.461] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0126.462] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0126.464] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0126.465] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0126.465] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0126.466] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.467] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0126.468] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0126.469] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0126.489] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0126.490] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0126.490] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0126.491] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0126.492] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0126.494] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0126.498] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0126.499] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0126.500] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0126.501] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0126.502] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0126.503] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0126.505] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0126.506] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0126.507] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0126.508] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0126.510] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0126.511] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0126.512] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0126.513] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0126.514] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0126.515] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0126.517] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0126.518] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0126.520] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0126.521] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0126.522] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0126.523] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0126.698] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0126.700] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0126.701] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0126.702] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0126.704] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0126.705] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0126.706] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0126.707] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0126.709] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0126.710] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0126.711] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0126.713] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0126.715] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0126.716] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0126.717] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0126.718] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0126.719] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0126.720] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0126.721] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0126.722] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0126.724] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0126.725] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0126.726] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0126.727] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0126.728] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0126.729] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0126.730] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0126.731] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0126.732] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0126.822] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0126.823] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0126.825] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0126.826] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0126.827] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0126.830] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0126.831] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0126.832] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0126.833] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.835] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0126.836] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0126.838] Process32Next (in: hSnapshot=0x310, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0126.848] CloseHandle (hObject=0x310) returned 1 [0126.981] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x328 [0126.989] Process32First (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0126.990] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0126.992] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0126.993] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.994] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0126.996] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.997] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0126.998] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0126.999] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0127.001] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.002] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.003] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0127.004] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.005] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.006] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.007] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.009] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.010] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.011] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.012] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0127.013] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0127.014] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.015] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0127.016] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0127.017] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0127.041] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0127.042] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0127.043] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.044] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0127.045] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0127.046] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.047] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.047] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0127.048] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0127.049] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0127.050] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0127.051] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0127.052] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0127.052] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0127.053] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0127.054] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0127.055] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0127.056] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0127.057] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0127.058] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0127.059] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0127.060] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0127.061] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0127.061] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0127.062] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0127.063] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0127.064] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0127.065] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0127.066] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0127.067] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0127.067] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0127.068] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0127.069] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0127.070] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0127.072] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0127.073] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0127.078] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0127.079] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0127.080] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0127.082] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0127.083] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0127.084] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0127.085] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0127.086] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0127.088] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0127.089] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0127.090] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0127.092] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0127.093] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0127.094] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0127.095] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0127.096] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0127.097] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0127.098] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0127.099] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0127.101] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0127.102] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0127.103] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0127.104] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0127.105] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0127.106] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0127.107] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0127.108] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0127.109] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0127.110] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0127.111] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0127.112] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0127.113] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.114] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.115] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.116] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.117] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.211] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0127.213] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0127.214] Process32Next (in: hSnapshot=0x328, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0127.214] CloseHandle (hObject=0x328) returned 1 [0127.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0127.335] Process32First (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.336] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0127.337] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0127.339] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.340] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0127.341] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.342] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0127.343] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0127.344] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0127.347] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.348] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.349] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0127.350] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.351] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.352] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.353] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.355] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.356] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.357] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.359] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0127.359] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0127.360] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.361] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0127.362] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0127.363] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0127.364] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0127.365] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0127.367] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.368] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0127.369] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0127.370] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.371] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.372] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0127.373] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0127.373] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0127.374] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0127.375] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0127.376] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0127.377] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0127.378] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0127.379] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0127.379] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0127.380] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0127.381] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0127.382] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0127.383] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0127.384] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0127.385] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0127.386] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0127.387] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0127.388] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0127.388] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0127.389] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0127.390] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0127.391] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0127.392] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0127.393] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0127.394] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0127.395] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0127.396] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0127.397] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0127.398] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0127.499] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0127.501] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0127.502] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0127.503] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0127.504] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0127.506] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0127.507] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0127.508] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0127.515] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0127.516] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0127.517] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0127.518] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0127.520] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0127.521] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0127.522] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0127.523] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0127.528] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0127.530] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0127.532] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0127.533] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0127.534] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0127.536] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0127.537] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0127.539] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0127.567] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0127.594] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0127.595] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0127.597] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0127.598] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0127.600] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0127.601] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.609] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.610] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.612] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.613] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.614] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0127.619] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0127.620] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0127.621] CloseHandle (hObject=0x348) returned 1 [0127.716] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0127.725] Process32First (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.726] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0127.728] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0127.731] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.733] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0127.734] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.735] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0127.736] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0127.737] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0127.739] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.740] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.741] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0127.742] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.747] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.748] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.749] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.751] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.752] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.753] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.754] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0127.756] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0127.757] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.758] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0127.758] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0127.801] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0127.801] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0127.802] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0127.803] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.804] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0127.805] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0127.826] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.827] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.828] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0127.828] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0127.829] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0127.830] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0127.831] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0127.832] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0127.833] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0127.834] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0127.835] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0127.836] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0127.838] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0127.842] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0127.843] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0127.845] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0127.846] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0127.847] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0127.849] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0127.850] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0127.851] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0127.857] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0127.858] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0127.859] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0127.875] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0127.879] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0127.880] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0127.881] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0127.883] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0127.885] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0127.887] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0127.888] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0127.889] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0127.891] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0127.892] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0127.893] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0127.894] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0127.896] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0127.897] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0127.898] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0127.902] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0127.903] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0127.905] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0127.906] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0127.907] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0127.908] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0127.909] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0127.910] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0127.912] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0127.913] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0127.914] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0127.929] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0127.931] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0127.933] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0127.934] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0127.935] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0127.937] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0127.938] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0127.939] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0127.941] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0127.942] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0127.943] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0127.945] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0127.946] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.950] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0127.951] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.953] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.954] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0127.955] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0127.957] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0127.957] CloseHandle (hObject=0x348) returned 1 [0128.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x348 [0128.030] Process32First (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.031] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.032] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.034] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.035] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.036] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.037] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.038] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.039] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.043] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.045] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.046] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.047] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.048] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.049] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.050] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.052] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.053] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.054] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.055] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.063] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0128.065] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.066] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0128.067] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0128.067] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.069] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0128.070] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0128.071] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.074] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.075] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0128.076] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0128.077] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0128.078] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0128.079] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0128.080] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0128.081] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0128.082] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0128.083] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0128.084] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0128.085] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0128.085] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0128.086] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0128.090] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0128.092] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0128.093] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0128.094] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0128.095] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0128.096] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0128.097] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0128.098] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0128.100] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0128.101] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0128.128] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0128.262] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0128.264] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0128.265] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0128.266] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0128.268] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0128.270] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0128.272] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0128.274] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0128.277] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0128.279] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0128.281] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0128.283] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0128.285] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0128.286] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0128.288] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0128.299] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0128.302] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0128.509] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0128.511] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0128.516] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0128.517] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0128.518] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0128.520] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0128.521] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0128.523] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0128.525] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0128.526] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0128.527] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0128.529] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0128.530] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0128.531] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0128.532] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0128.533] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0128.534] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0128.536] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0128.537] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0128.537] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0128.538] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0128.539] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0128.560] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0128.561] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0128.562] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0128.563] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0128.564] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.565] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.566] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0128.586] Process32Next (in: hSnapshot=0x348, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0128.587] CloseHandle (hObject=0x348) returned 1 [0128.704] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x360 [0128.713] Process32First (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.714] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.716] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.717] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.718] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.719] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.721] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.723] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.724] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.725] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.726] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.728] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.729] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.730] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.732] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.733] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.734] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.735] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.737] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.738] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.739] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0128.740] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.741] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0128.743] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0128.744] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.753] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0128.754] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0128.755] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.756] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.757] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0128.758] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0128.758] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0128.759] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0128.760] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0128.761] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0128.762] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0128.763] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0128.763] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0128.764] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0128.765] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0128.766] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0128.767] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0128.768] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0128.769] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0128.770] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0128.771] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0128.772] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0128.772] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0128.773] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0128.774] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0128.775] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0128.776] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0128.777] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0128.778] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0128.778] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0128.779] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0128.780] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0128.781] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0128.782] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0128.784] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0128.786] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0128.788] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0128.790] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0128.792] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0128.793] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0128.795] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0128.796] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0128.797] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0128.800] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0128.802] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0128.804] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0128.805] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0128.806] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0128.808] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0128.809] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0128.810] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0128.812] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0128.813] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0128.827] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0128.828] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0128.830] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0128.832] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0128.833] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0128.834] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0128.836] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0128.837] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0128.839] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0128.840] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0128.846] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0128.848] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0128.849] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0128.850] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0128.852] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0128.853] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0128.854] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0128.855] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0128.857] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.858] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0128.859] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0128.860] Process32Next (in: hSnapshot=0x360, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0128.861] CloseHandle (hObject=0x360) returned 1 [0128.941] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x364 [0128.949] Process32First (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0128.950] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0128.951] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0128.953] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.954] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0128.957] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0128.958] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0128.959] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0128.960] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0128.961] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.962] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.963] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0128.964] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.965] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.967] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.968] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.969] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.970] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.971] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.972] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0128.973] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0128.974] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.975] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0128.982] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0128.983] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0128.984] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0128.985] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0128.986] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0128.987] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0128.987] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0128.988] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0128.989] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0128.991] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0128.992] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0128.993] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0128.993] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0128.994] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0128.995] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0128.996] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0128.997] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0128.997] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0128.999] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0128.999] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0129.000] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0129.001] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0129.003] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0129.004] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0129.005] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0129.006] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0129.007] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0129.009] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0129.010] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0129.011] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0129.012] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0129.013] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0129.014] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0129.016] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0129.017] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0129.057] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0129.059] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0129.060] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0129.062] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0129.063] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0129.065] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0129.067] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0129.068] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0129.069] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0129.070] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0129.071] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0129.073] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0129.074] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0129.075] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0129.077] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0129.078] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0129.080] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0129.081] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0129.083] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0129.085] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0129.086] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0129.087] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0129.089] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0129.090] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0129.091] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0129.093] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0129.094] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0129.095] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0129.126] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0129.144] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0129.145] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0129.147] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0129.148] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0129.149] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0129.150] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.151] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.152] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.153] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.154] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.155] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0129.155] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0129.156] Process32Next (in: hSnapshot=0x364, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0129.157] CloseHandle (hObject=0x364) returned 1 [0129.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x36c [0129.256] Process32First (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.258] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0129.259] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0129.260] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.261] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0129.263] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.264] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0129.265] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0129.266] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0129.268] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.269] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.270] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0129.271] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.272] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.273] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.275] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.276] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.277] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.278] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.279] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0129.280] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0129.302] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.329] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0129.331] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.332] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0129.333] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0129.334] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0129.335] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.336] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0129.337] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0129.339] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.340] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.341] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0129.342] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0129.343] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0129.344] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0129.350] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0129.352] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0129.353] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0129.354] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0129.355] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0129.356] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0129.357] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0129.359] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0129.360] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0129.361] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0129.362] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0129.363] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0129.409] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0129.410] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0129.411] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0129.413] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0129.414] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0129.415] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0129.416] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0129.417] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0129.418] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0129.419] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0129.421] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0129.422] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0129.423] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0129.424] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0129.425] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0129.428] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0129.429] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0129.430] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0129.432] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0129.433] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0129.434] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0129.435] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0129.436] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0129.437] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0129.438] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0129.440] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0129.441] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0129.458] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0129.459] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0129.460] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0129.461] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0129.463] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0129.464] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0129.465] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0129.466] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0129.467] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0129.468] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0129.469] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0129.471] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0129.472] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0129.473] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0129.474] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0129.475] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0129.476] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0129.477] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.478] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.479] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.480] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.481] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.482] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0129.483] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0129.484] Process32Next (in: hSnapshot=0x36c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0129.485] CloseHandle (hObject=0x36c) returned 1 [0129.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0129.590] Process32First (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.591] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0129.592] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0129.593] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.595] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0129.596] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.598] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0129.599] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0129.600] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0129.601] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.602] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.603] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0129.604] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.605] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.607] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.608] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.609] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.610] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.612] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.613] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0129.614] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0129.614] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.615] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0129.616] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.617] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0129.618] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0129.664] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0129.664] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.665] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0129.666] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0129.667] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.668] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.669] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0129.670] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0129.670] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0129.671] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0129.672] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0129.673] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0129.674] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0129.675] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0129.676] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0129.677] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0129.678] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0129.679] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0129.680] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0129.680] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0129.681] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0129.682] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0129.683] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0129.684] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0129.685] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0129.685] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0129.686] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0129.687] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0129.688] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0129.689] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0129.690] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0129.691] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0129.692] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0129.693] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0129.694] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0129.696] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0129.711] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0129.713] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0129.714] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0129.715] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0129.716] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0129.717] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0129.719] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0129.723] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0129.725] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0129.728] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0129.730] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0129.733] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0129.735] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0129.737] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0129.741] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0129.744] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0129.748] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0129.751] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0129.778] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0129.780] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0129.781] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0129.782] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0129.783] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0129.784] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0129.786] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0129.787] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0129.788] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0129.789] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0129.789] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0129.790] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0129.791] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.792] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.793] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0129.793] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.794] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.795] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0129.796] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0129.797] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0129.798] CloseHandle (hObject=0x374) returned 1 [0129.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0129.946] Process32First (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0129.947] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0129.948] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0129.949] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.950] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0129.951] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0129.952] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0129.953] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0129.954] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0129.956] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.957] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.958] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0129.959] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.960] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.961] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.962] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.963] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.964] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.965] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.966] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0129.967] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0129.968] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.968] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0129.969] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.970] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0129.971] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0129.972] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0129.972] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.973] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0129.974] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0129.975] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.975] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0129.976] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0129.999] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0130.020] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0130.021] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0130.022] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0130.023] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0130.024] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0130.025] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0130.026] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0130.027] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0130.028] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0130.029] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0130.030] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0130.032] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0130.032] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0130.035] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0130.036] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0130.037] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0130.038] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0130.039] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0130.040] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0130.041] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0130.041] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0130.042] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0130.043] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0130.044] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0130.045] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0130.046] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0130.047] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0130.048] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0130.049] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0130.050] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0130.051] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0130.052] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0130.053] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0130.054] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0130.055] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0130.076] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0130.096] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0130.097] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0130.098] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0130.100] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0130.101] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0130.101] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0130.102] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0130.103] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0130.104] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0130.105] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0130.106] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0130.107] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0130.108] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0130.109] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0130.110] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0130.111] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0130.112] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0130.113] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0130.114] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0130.115] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0130.116] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0130.116] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0130.117] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.118] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.119] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.120] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.121] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.122] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0130.122] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0130.123] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0130.124] CloseHandle (hObject=0x374) returned 1 [0130.176] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0130.182] Process32First (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.184] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0130.185] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0130.186] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.187] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0130.188] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.190] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0130.191] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0130.192] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0130.193] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.194] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.195] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0130.196] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.197] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.198] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.199] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.200] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.201] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.202] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.203] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0130.204] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0130.204] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.205] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0130.206] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0130.207] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0130.207] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0130.209] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0130.209] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.210] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0130.281] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0130.282] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.282] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.283] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0130.284] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0130.285] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0130.286] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0130.287] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0130.288] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0130.290] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0130.290] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0130.291] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0130.292] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0130.293] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0130.294] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0130.295] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0130.296] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0130.297] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0130.299] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0130.300] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0130.301] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0130.302] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0130.302] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0130.303] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0130.304] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0130.305] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0130.305] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0130.308] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0130.309] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0130.310] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0130.311] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0130.312] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0130.313] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0130.381] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0130.383] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0130.384] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0130.385] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0130.386] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0130.388] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0130.389] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0130.390] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0130.392] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0130.393] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0130.395] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0130.396] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0130.397] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0130.398] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0130.399] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0130.401] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0130.402] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0130.403] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0130.404] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0130.406] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0130.407] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0130.408] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0130.409] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0130.410] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0130.411] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0130.412] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0130.412] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0130.413] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0130.455] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0130.456] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0130.457] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.458] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.459] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.459] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.460] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.461] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0130.462] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0130.463] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0130.463] CloseHandle (hObject=0x374) returned 1 [0130.582] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x374 [0130.593] Process32First (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.595] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0130.597] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0130.598] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.599] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0130.601] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.602] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0130.603] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0130.605] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0130.606] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.607] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.608] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0130.610] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.611] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.613] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.614] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.627] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.628] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.629] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.631] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0130.632] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0130.633] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.634] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0130.635] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0130.635] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0130.636] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0130.637] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0130.638] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.639] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0130.640] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0130.641] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.642] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.643] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0130.644] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0130.645] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0130.646] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0130.647] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0130.648] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0130.649] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0130.650] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0130.650] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0130.651] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0130.652] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0130.653] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0130.654] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0130.655] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0130.656] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0130.657] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0130.658] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0130.659] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0130.660] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0130.661] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0130.663] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0130.664] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0130.665] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0130.666] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0130.667] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0130.668] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0130.669] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0130.671] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0130.672] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0130.675] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0130.676] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0130.677] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0130.678] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0130.679] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0130.680] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0130.681] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0130.682] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0130.682] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0130.684] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0130.684] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0130.685] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0130.686] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0130.687] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0130.688] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0130.689] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0130.690] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0130.691] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0130.692] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0130.693] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0130.694] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0130.695] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0130.696] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0130.696] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0130.697] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0130.698] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0130.699] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0130.717] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0130.718] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0130.719] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0130.719] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0130.720] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.721] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.722] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0130.723] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.724] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.725] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0130.726] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0130.726] Process32Next (in: hSnapshot=0x374, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0130.727] CloseHandle (hObject=0x374) returned 1 [0130.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x378 [0130.823] Process32First (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0130.824] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0130.825] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0130.826] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.827] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0130.828] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0130.829] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0130.835] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0130.836] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0130.837] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.838] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.840] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0130.841] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.842] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.843] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.844] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.845] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.846] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.847] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.848] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0130.848] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0130.852] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.852] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0130.853] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0130.854] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0130.855] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0130.856] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0130.856] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0130.857] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0130.858] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0130.858] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0130.859] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0130.939] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0130.965] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0130.971] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0130.972] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0130.973] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0130.974] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0130.975] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0130.976] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0130.977] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0130.978] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0130.980] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0130.981] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0130.982] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0130.983] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0130.984] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0130.984] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0130.985] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0130.988] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0130.989] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0130.990] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0130.991] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0130.992] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0130.992] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0130.993] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0130.994] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0130.994] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0130.995] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0130.997] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0130.998] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0130.998] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0130.999] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0131.001] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0131.002] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0131.128] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0131.130] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0131.132] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0131.133] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0131.134] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0131.135] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0131.136] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0131.137] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0131.138] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0131.139] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0131.140] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0131.141] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0131.143] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0131.144] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0131.146] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0131.147] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0131.148] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0131.150] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0131.151] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0131.153] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0131.155] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0131.156] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0131.158] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0131.159] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0131.161] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0131.162] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0131.164] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0131.165] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0131.168] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.169] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.170] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0131.172] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.173] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0131.223] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0131.224] Process32Next (in: hSnapshot=0x378, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0131.224] CloseHandle (hObject=0x378) returned 1 [0131.285] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x3c8 [0131.321] Process32First (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.322] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0131.323] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0131.324] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.325] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0131.327] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.328] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0131.329] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0131.330] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0131.331] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.332] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.333] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0131.334] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.335] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.336] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.338] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.339] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.340] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.341] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.342] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0131.343] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0131.344] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.345] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0131.357] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0131.393] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0131.394] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0131.395] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0131.396] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.397] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0131.398] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0131.399] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0131.400] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0131.401] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0131.402] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0131.403] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0131.404] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0131.405] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0131.406] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0131.408] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0131.409] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0131.410] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0131.411] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0131.412] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0131.413] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0131.414] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0131.415] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0131.416] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0131.416] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0131.417] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0131.418] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0131.419] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0131.419] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0131.420] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0131.421] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0131.422] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0131.422] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0131.423] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0131.461] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0131.463] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0131.464] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0131.465] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0131.466] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0131.467] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0131.468] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0131.469] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0131.470] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0131.471] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0131.472] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0131.473] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0131.474] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0131.475] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0131.476] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0131.477] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0131.478] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0131.479] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0131.480] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0131.481] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0131.482] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0131.483] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0131.484] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0131.485] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0131.486] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0131.487] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0131.488] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0131.489] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0131.490] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0131.491] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0131.491] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0131.492] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0131.493] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0131.494] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0131.495] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0131.496] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0131.497] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.498] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.499] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0131.500] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.501] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0131.502] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0131.503] Process32Next (in: hSnapshot=0x3c8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0131.503] CloseHandle (hObject=0x3c8) returned 1 [0131.576] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x414 [0131.586] Process32First (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.587] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0131.588] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0131.589] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.591] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0131.592] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.593] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0131.594] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0131.596] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0131.597] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.598] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.599] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0131.601] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.602] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.603] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.604] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.605] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.607] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.608] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.609] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0131.610] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0131.628] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.629] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0131.630] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0131.632] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0131.633] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0131.634] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0131.635] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.636] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0131.638] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0131.639] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0131.640] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0131.641] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0131.642] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0131.644] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0131.645] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0131.647] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0131.648] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0131.649] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0131.650] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0131.651] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0131.652] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0131.653] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0131.654] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0131.655] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0131.656] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0131.657] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0131.658] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0131.659] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0131.660] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0131.660] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0131.661] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0131.662] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0131.663] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0131.664] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0131.665] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0131.667] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0131.668] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0131.669] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0131.671] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0131.673] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0131.708] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0131.710] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0131.712] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0131.713] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0131.715] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0131.717] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0131.718] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0131.734] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0131.738] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0131.742] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0131.745] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0131.747] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0131.749] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0131.751] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0131.801] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0131.803] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0131.804] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0131.805] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0131.806] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0131.807] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0131.808] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0131.809] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0131.810] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0131.811] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0131.813] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0131.814] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0131.822] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0131.824] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0131.825] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0131.826] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0131.826] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0131.827] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0131.828] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.829] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0131.832] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0131.833] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.834] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0131.835] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0131.835] Process32Next (in: hSnapshot=0x414, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0131.836] CloseHandle (hObject=0x414) returned 1 [0131.944] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4d4 [0131.976] Process32First (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0131.977] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0131.979] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0131.980] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.981] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0131.982] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0131.984] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0131.985] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0131.988] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0131.989] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.991] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.992] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0131.994] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.995] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.996] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.997] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0131.998] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.000] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.001] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.049] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0132.050] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0132.051] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.052] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0132.053] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0132.054] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0132.054] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0132.055] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0132.056] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.057] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0132.058] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0132.059] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.060] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.061] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0132.061] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0132.062] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0132.063] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0132.064] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0132.065] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0132.066] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0132.066] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0132.067] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0132.068] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0132.069] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0132.070] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0132.071] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0132.071] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0132.072] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0132.073] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0132.074] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0132.075] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0132.076] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0132.076] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0132.077] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0132.078] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0132.079] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0132.080] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0132.081] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0132.082] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0132.083] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0132.085] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0132.086] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0132.087] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0132.089] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0132.090] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0132.092] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0132.093] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0132.095] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0132.145] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0132.147] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0132.148] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0132.149] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0132.151] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0132.152] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0132.153] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0132.154] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0132.155] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0132.156] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0132.158] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0132.159] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0132.160] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0132.161] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0132.162] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0132.163] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0132.164] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0132.165] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0132.166] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0132.167] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0132.168] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0132.169] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0132.170] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0132.171] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0132.172] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0132.173] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.174] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.175] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.176] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.177] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.178] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0132.179] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0132.180] Process32Next (in: hSnapshot=0x4d4, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0132.180] CloseHandle (hObject=0x4d4) returned 1 [0132.256] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4fc [0132.264] Process32First (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.265] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0132.266] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0132.268] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.269] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0132.270] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.272] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0132.273] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0132.274] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0132.275] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.276] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.278] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0132.279] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.280] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.281] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.282] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.283] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.284] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.286] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.287] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0132.288] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0132.289] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.290] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0132.291] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0132.292] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0132.293] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0132.294] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0132.294] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.295] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0132.296] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0132.297] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.298] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.302] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0132.303] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0132.304] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0132.305] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0132.306] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0132.307] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0132.307] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0132.308] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0132.309] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0132.310] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0132.311] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0132.312] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0132.313] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0132.313] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0132.315] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0132.316] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0132.318] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0132.319] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0132.320] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0132.321] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0132.323] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0132.324] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0132.325] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0132.327] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0132.328] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0132.329] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0132.331] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0132.333] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0132.334] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0132.336] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0132.338] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0132.340] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0132.341] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0132.343] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0132.344] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0132.345] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0132.355] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0132.356] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0132.357] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0132.359] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0132.360] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0132.361] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0132.363] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0132.364] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0132.365] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0132.366] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0132.368] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0132.369] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0132.370] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0132.371] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0132.372] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0132.373] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0132.374] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0132.375] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0132.377] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0132.378] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0132.379] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0132.380] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0132.381] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0132.382] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0132.383] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.384] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.385] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.386] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.387] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.388] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0132.389] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0132.390] Process32Next (in: hSnapshot=0x4fc, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0132.391] CloseHandle (hObject=0x4fc) returned 1 [0132.460] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x530 [0132.470] Process32First (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.472] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0132.473] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0132.474] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.475] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0132.476] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.478] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0132.479] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0132.481] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0132.482] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.483] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.485] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0132.487] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.489] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.491] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.492] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.494] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.495] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.497] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.498] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0132.499] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0132.500] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.501] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0132.502] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0132.508] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0132.509] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0132.510] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0132.511] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.512] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0132.513] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0132.514] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.515] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.515] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0132.516] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0132.517] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0132.518] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0132.519] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0132.520] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0132.521] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0132.522] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0132.523] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0132.524] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0132.524] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0132.525] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0132.526] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0132.527] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0132.528] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0132.528] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0132.529] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0132.530] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0132.531] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0132.532] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0132.532] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0132.552] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0132.553] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0132.554] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0132.555] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0132.556] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0132.557] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0132.558] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0132.559] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0132.560] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0132.562] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0132.563] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0132.598] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0132.600] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0132.601] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0132.603] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0132.604] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0132.605] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0132.607] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0132.608] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0132.610] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0132.612] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0132.613] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0132.615] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0132.616] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0132.617] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0132.619] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0132.620] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0132.622] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0132.623] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0132.625] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0132.626] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0132.628] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0132.629] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0132.630] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0132.631] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0132.632] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0132.633] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0132.634] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0132.635] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0132.635] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.636] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.637] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.638] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.639] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.640] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0132.641] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0132.642] Process32Next (in: hSnapshot=0x530, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0132.657] CloseHandle (hObject=0x530) returned 1 [0132.749] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x4f8 [0132.759] Process32First (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0132.760] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0132.762] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0132.763] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.764] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0132.766] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0132.767] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0132.768] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0132.770] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0132.771] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.772] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.773] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0132.774] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.776] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.777] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.778] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.779] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.780] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.782] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.783] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0132.847] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0132.847] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.848] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0132.849] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0132.850] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0132.851] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0132.851] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0132.852] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.853] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0132.854] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0132.855] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.856] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.857] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0132.858] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0132.859] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0132.859] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0132.860] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0132.861] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0132.862] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0132.863] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0132.864] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0132.865] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0132.865] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0132.866] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0132.867] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0132.868] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0132.869] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0132.869] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0132.870] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0132.871] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0132.872] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0132.873] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0132.873] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0132.874] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0132.875] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0132.876] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0132.876] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0132.877] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0132.879] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0132.880] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0132.881] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0132.882] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0132.883] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0132.885] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0132.886] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0132.887] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0132.888] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0132.890] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0132.891] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0132.892] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0132.913] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0132.915] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0132.916] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0132.918] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0132.919] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0132.921] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0132.923] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0132.926] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0132.928] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0132.929] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0132.931] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0132.932] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0132.936] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0132.938] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0132.939] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0132.941] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0132.942] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0132.944] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0132.945] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0132.946] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0132.947] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0132.948] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0132.949] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0132.950] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.951] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0132.952] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0132.953] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0132.953] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0132.954] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0132.964] Process32Next (in: hSnapshot=0x4f8, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0132.965] CloseHandle (hObject=0x4f8) returned 1 [0133.052] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x5d0 [0133.060] Process32First (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.061] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.062] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.063] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.064] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.066] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.067] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.069] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.070] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.071] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.072] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.073] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.074] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.075] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.076] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.078] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.079] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.080] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.082] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.083] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.084] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0133.085] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.086] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0133.087] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0133.089] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.090] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0133.091] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0133.092] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.093] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.094] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0133.095] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.148] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.149] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0133.150] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0133.151] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0133.152] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0133.153] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0133.154] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0133.155] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0133.156] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0133.157] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0133.159] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0133.160] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0133.161] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0133.162] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0133.163] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0133.164] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0133.165] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.166] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.168] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.169] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.170] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.171] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.172] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.173] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.174] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.176] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.177] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.178] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.180] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.181] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.183] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.185] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.186] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.188] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.228] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.229] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.231] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.232] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.234] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.236] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.237] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.239] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.240] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.242] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.244] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.245] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.247] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.248] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.250] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.251] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.253] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.255] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.256] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.258] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.259] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.260] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.261] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.262] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.264] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.265] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0133.266] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0133.267] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.301] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.302] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.303] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.304] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.305] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.306] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0133.307] Process32Next (in: hSnapshot=0x5d0, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0133.307] CloseHandle (hObject=0x5d0) returned 1 [0133.361] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0133.370] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.371] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.372] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.373] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.375] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.376] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.377] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.379] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.380] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.381] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.382] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.383] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.384] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.385] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.386] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.388] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.389] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.390] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.391] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.395] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.396] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0133.397] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.398] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0133.399] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0133.400] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.401] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0133.402] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0133.404] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.405] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.406] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0133.407] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.410] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.411] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0133.412] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0133.413] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0133.414] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0133.415] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0133.416] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0133.417] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0133.419] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0133.420] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0133.421] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0133.422] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0133.423] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0133.427] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0133.428] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0133.429] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0133.430] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.432] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.433] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.434] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.435] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.436] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.436] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.437] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.438] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.440] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.441] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.443] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.444] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.446] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.448] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.449] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.451] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.453] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.454] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.457] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.458] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.460] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.461] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.463] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.464] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.465] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.467] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.468] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.470] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.471] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.472] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.473] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.474] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.476] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.477] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.478] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.479] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.480] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.481] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.482] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.483] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.484] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.484] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.485] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0133.486] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0133.487] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.488] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.489] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.490] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.491] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.492] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.493] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0133.494] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0133.494] CloseHandle (hObject=0x53c) returned 1 [0133.565] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0133.580] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.582] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.583] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.584] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.585] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.587] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.588] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.589] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.590] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.592] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.593] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.594] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.595] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.596] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.598] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.599] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.600] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.601] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4d, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.602] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.603] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.604] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0133.605] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.606] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0133.607] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0133.607] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.608] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0133.609] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0133.610] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.611] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.625] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0133.626] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.626] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.627] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0133.628] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0133.629] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0133.630] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0133.631] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0133.632] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0133.633] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0133.634] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0133.634] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0133.635] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0133.636] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0133.637] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0133.638] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0133.638] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0133.639] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0133.640] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.641] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.642] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.643] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.644] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.644] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.645] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.646] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.647] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.648] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.648] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.650] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.651] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.653] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.654] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.655] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.657] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.658] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.672] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.673] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.675] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.676] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.677] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.678] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.679] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.680] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.681] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.682] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.683] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.684] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.686] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.687] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.688] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.689] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.690] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.691] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.692] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.693] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.694] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.695] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.696] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.697] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.698] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.699] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0133.700] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0133.701] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.702] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.703] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.704] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.705] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.709] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.709] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0133.710] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0133.711] CloseHandle (hObject=0x53c) returned 1 [0133.770] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0133.780] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.781] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.782] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0133.783] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.785] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0133.786] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0133.787] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0133.789] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0133.790] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0133.791] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.792] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.793] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0133.794] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.795] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.797] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.798] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.799] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.800] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4c, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.801] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.802] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0133.803] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0133.804] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.805] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0133.806] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0133.807] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0133.807] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0133.808] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0133.809] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.810] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0133.811] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0133.811] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.812] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.813] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0133.814] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0133.823] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0133.824] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0133.825] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0133.826] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0133.827] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0133.827] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0133.828] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0133.829] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0133.830] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0133.831] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0133.832] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0133.834] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0133.835] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0133.836] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0133.837] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0133.838] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0133.839] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0133.840] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0133.841] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0133.842] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0133.843] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0133.845] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0133.846] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0133.847] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0133.848] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0133.850] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0133.852] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0133.854] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0133.855] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0133.856] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0133.857] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0133.859] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0133.860] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0133.861] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0133.865] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0133.867] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0133.868] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0133.869] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0133.870] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0133.871] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0133.873] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0133.874] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0133.875] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0133.876] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0133.878] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0133.879] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0133.880] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0133.881] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0133.882] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0133.883] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0133.884] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0133.885] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0133.886] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0133.887] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0133.888] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0133.889] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0133.890] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0133.891] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0133.894] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0133.895] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.902] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0133.906] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0133.918] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0133.920] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0133.923] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0133.930] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0133.931] CloseHandle (hObject=0x53c) returned 1 [0133.987] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0133.996] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0133.997] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0133.998] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0134.000] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.001] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0134.002] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.004] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0134.005] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0134.006] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0134.007] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.009] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.010] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0134.011] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.012] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.013] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.014] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.016] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.017] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.018] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.020] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0134.021] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0134.021] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.022] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0134.023] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0134.024] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0134.025] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0134.026] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0134.027] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.027] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0134.028] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0134.029] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.030] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.031] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0134.031] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0134.032] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0134.033] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0134.036] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0134.037] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0134.038] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0134.039] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0134.039] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0134.040] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0134.041] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0134.042] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0134.043] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0134.044] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0134.044] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0134.045] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0134.046] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0134.047] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0134.048] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0134.049] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0134.050] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0134.051] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0134.052] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0134.052] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0134.053] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0134.054] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0134.055] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0134.057] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0134.058] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0134.059] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0134.060] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0134.062] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0134.063] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0134.064] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0134.068] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0134.073] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0134.075] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0134.077] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0134.079] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0134.081] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0134.083] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0134.085] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0134.087] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0134.090] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0134.091] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0134.093] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0134.094] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0134.096] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0134.097] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0134.099] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0134.100] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0134.101] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0134.103] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0134.104] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0134.106] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0134.107] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0134.108] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0134.109] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0134.111] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0134.112] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0134.113] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.115] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.116] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.116] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.117] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.118] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0134.119] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0134.122] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0134.123] CloseHandle (hObject=0x53c) returned 1 [0134.182] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0134.191] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.193] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0134.194] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0134.196] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.197] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0134.199] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.200] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0134.201] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0134.203] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0134.204] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.205] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.207] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0134.208] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.209] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.210] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.211] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.212] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.214] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.216] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.217] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0134.218] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0134.220] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.221] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0134.222] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0134.224] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0134.225] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0134.227] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0134.228] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.231] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0134.233] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0134.235] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.236] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.237] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0134.238] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0134.239] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0134.240] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0134.241] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0134.242] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0134.243] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0134.244] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0134.245] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0134.246] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0134.247] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0134.248] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0134.249] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0134.250] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0134.251] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0134.252] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0134.253] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0134.254] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0134.255] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0134.256] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0134.257] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0134.258] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0134.259] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0134.261] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0134.262] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0134.263] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0134.264] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0134.266] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0134.267] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0134.269] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0134.271] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0134.272] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0134.274] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0134.279] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0134.281] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0134.283] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0134.285] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0134.288] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0134.290] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0134.292] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0134.295] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0134.297] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0134.299] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0134.301] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0134.303] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0134.306] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0134.308] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0134.310] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0134.312] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0134.314] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0134.316] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0134.319] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0134.320] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0134.322] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0134.327] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0134.328] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0134.330] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0134.331] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0134.333] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0134.334] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0134.335] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.337] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.338] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.340] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.341] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.342] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0134.343] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0134.345] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0134.346] CloseHandle (hObject=0x53c) returned 1 [0134.417] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0134.426] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.427] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0134.429] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0134.430] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.431] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0134.433] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.434] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0134.435] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0134.436] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0134.437] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.439] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.440] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0134.441] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.442] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.443] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.444] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.446] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.447] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.448] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.450] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0134.451] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0134.451] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.452] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0134.453] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0134.454] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0134.455] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0134.456] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0134.457] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.457] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0134.458] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0134.459] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.460] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.461] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0134.462] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0134.463] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0134.465] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0134.466] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0134.467] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0134.468] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0134.468] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0134.469] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0134.470] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0134.471] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0134.472] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0134.473] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0134.473] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0134.474] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0134.475] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0134.476] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0134.477] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0134.478] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0134.478] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0134.481] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0134.482] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0134.483] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0134.483] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0134.484] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0134.485] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0134.486] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0134.487] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdbc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0134.489] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0134.490] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0134.491] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdd8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0134.493] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0134.494] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xdf4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0134.496] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0134.497] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0134.498] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0134.500] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0134.501] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0134.503] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0134.504] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0134.505] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0134.507] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe68, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0134.508] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0134.509] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0134.511] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0134.512] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0134.513] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xea0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0134.515] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0134.516] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xebc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0134.517] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0134.518] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xed4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0134.519] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xee4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0134.520] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0134.521] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xefc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0134.522] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0134.523] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf10, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0134.524] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0134.525] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0134.526] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="because various.exe")) returned 1 [0134.527] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="western-blue.exe")) returned 1 [0134.528] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xf80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x2bc, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.529] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.530] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xaa0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backgroundTaskHost.exe")) returned 1 [0134.531] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.532] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.533] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0134.534] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x12c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Client.exe")) returned 1 [0134.535] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1aaed980, th32DefaultHeapID=0x1, th32ModuleID=0xeb365967, cntThreads=0x8c86, th32ParentProcessID=0xcd7a8948, pcPriClassBase=32763, dwFlags=0x1ac6f098, szExeFile="")) returned 0 [0134.536] CloseHandle (hObject=0x53c) returned 1 [0134.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x53c [0134.597] Process32First (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0134.598] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x75, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0134.599] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x134, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0134.600] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.602] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x178, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0134.603] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0134.604] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1b4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0134.606] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0134.607] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1bc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0134.608] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x26c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.610] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x28c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.611] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1f8, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0134.612] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.614] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.615] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.616] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.617] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.619] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x128, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4b, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.626] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x458, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.628] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0134.629] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0134.630] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x600, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.631] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x674, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0134.632] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0134.633] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x29, th32ParentProcessID=0x7e0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0134.634] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0134.634] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x948, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0134.636] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0134.636] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x210, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0134.637] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x128, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0134.638] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x26c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0134.639] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="iexplore.exe")) returned 1 [0134.640] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="tend_list.exe")) returned 1 [0134.641] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="everything.exe")) returned 1 [0134.642] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="thirdifresponsibility.exe")) returned 1 [0134.643] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="middlecheckteam.exe")) returned 1 [0134.644] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xca0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="prove.exe")) returned 1 [0134.645] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="fear_his.exe")) returned 1 [0134.646] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="win.exe")) returned 1 [0134.647] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="race.exe")) returned 1 [0134.647] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xccc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="him unit start.exe")) returned 1 [0134.648] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xce4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="experience.exe")) returned 1 [0134.649] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="teacher.exe")) returned 1 [0134.650] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xcfc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="officer number author.exe")) returned 1 [0134.652] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="projectboypolicy.exe")) returned 1 [0134.652] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd14, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="as_responsibility.exe")) returned 1 [0134.653] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd1c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="customer.exe")) returned 1 [0134.654] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd2c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0134.655] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0134.656] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0134.657] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0134.658] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0134.659] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0134.660] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0134.661] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd7c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0134.661] Process32Next (in: hSnapshot=0x53c, lppe=0x1ac6f240 | out: lppe=0x1ac6f240*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xd8c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x4a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0134.662] Process32Next (in: hSnapshot=0x53c,